Attacks on Vaccine Makers - ThreatWire
Added 2020-07-21 23:16:42 +0000 UTC
By Shannon Morse, ThreatWire
On Thursday, British intelligence officials stated that pharmaceutical companies and academic institutions working on COVID-19 vaccines in the US, UK, and Canada are being targeted by Russian state-sponsored attackers. The attacks are being attributed to the hacking group known as APT29 or Cozy Bear, which has been behind many attacks in the past decade, including the DNC 2016 leaks. The findings were published by the US National Security Agency and the DHS, the UK’s National Cyber Security Centre, and Canada’s Communications Security Establishment.
A spokesperson for Putin denied these claims. Russia has stated that it is working on human trials for its own vaccine, while trials are also underway in several countries across the globe, in a worldwide attempt to stem the pandemic.
Minimal technical details were publicized about these alleged attacks; the post and the full report share that custom malware and phishing attacks are being used against vaccine researchers. The attackers are scanning the web for open servers and gaining access through known vulnerabilities, including several CVEs, that haven’t been patched or mitigated. They could also be using credentials stolen through phishing to gain persistent access. The custom malware, called WellMess and WellMail, allows attackers to issue malicious commands, upload or download files, and steal important information from the devices they’ve infected. This activity started in April and is ongoing.
Because of this, the national agencies have recommended that companies keep devices up to date, use multi-factor authentication, train staff, set up security monitoring, and prevent lateral movement from one device to another within their networks.
Sources (COVID Vaccine Attacks):
https://www.ncsc.gov.uk/news/uk-and-allies-expose-russian-attacks-on-coronavirus-vaccine-development
https://arstechnica.com/information-technology/2020/07/russia-linked-hackers-accused-of-targeting-covid-19-vaccine-developers/
https://media.defense.gov/2020/Jul/16/2002457639/-1/-1/0/NCSC_APT29_ADVISORY-QUAD-OFFICIAL-20200709-1810.PDF
https://www.cnet.com/news/russian-hackers-allegedly-behind-cyberattacks-to-steal-covid-19-vaccine/