
Alston & Bird Privacy Blog


UK National Cyber Security Centre Advisory: Russian Attackers, APT29, Target Companies Involved in COVID-19 Vaccine Development

July 17, 2020 By Amy Mushahwar, Kimberly Peretti and Larry Sommerfeld

Yesterday, the UK National Cyber Security Centre and Canada’s Communications Security Establishment released an advisory linking APT29 (also known as ‘the Dukes’ or ‘Cozy Bear’) to attacks against COVID-19 vaccine development in Canada, the US and the UK. The Advisory stated that APT29 is “almost certainly part of the Russian intelligence services.” APT29/Cozy Bear was previously linked to the attack against the Democratic National Committee’s networks during the last presidential election cycle. Yesterday’s Advisory regarding COVID-19 vaccine development threats was publicly supported by the National Security Agency and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

Reportedly, APT29 is launching these attacks with custom malware, named “WellMess” and “WellMail,” that had not previously been attributed to the group. The attackers appear to be using vulnerability scanning to find initial network footholds and then to obtain legitimate credentials for persistent access, before, in some cases, deploying the custom malware. The Advisory provides a non-exclusive list of the recently published exploits used to gain an initial foothold, as well as known indicators of compromise and detection rules.

Of course, the best defense is a good offense. To defend against this campaign the Advisory recommends the following items, to which we have added some detail.

Mitigation Measures

  • Vulnerability scan your external (and internal) environments, and promptly apply security patches and recommended security configuration changes.
  • Use multi-factor authentication (especially for accounts accessible from the Internet, such as a VPN login and accounts used to administer the computing environment).
  • Train users on phishing attacks.
    • Ensure users know how to report such attacks;
    • Do not penalize users for falling for the phish; and
    • Encourage users to promptly report any mistakes, such as clicking on a URL or opening an attachment.
  • Ensure that you have robust log collection practices and security monitoring capabilities, which we are pleased to discuss with you. Consider regularly reviewing and revising your logging and anomaly detection strategies.
  • Prevent and detect lateral movement within your organization’s network.

If you have any questions regarding this Advisory or attacks in general, please contact us.


