The National Cyber Security Council (NCSC) has published advice on detection and mitigation of cyber threats for organisations involved in developing potential vaccines for coronavirus.
It has taken the step after announcing that Russian cyber actors within a threat group known as APT29 have been targeting the organisations.
NCSC said the group has an ongoing campaign of malicious activity to steal intellectual property, predominantly against government, diplomatic, thinktank, healthcare and energy organisations.
It has published an advisory notice, outlining tools and techniques used by APT29, including spear phishing and custom malware known as WellMess and WellMail.
An appendix provides rules and indicators of compromise to be used in defence against the group.
NCSC said the technical detail and mitigation advice have been endorsed by the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
Its director of operations, Paul Chichester, said: “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.
“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.
“We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.”
Known targets of APT29 include UK, US and Canadian vaccine research and development organisations. The group uses a variety of tools and techniques, including spear phishing and custom malware known as WellMess and WellMail.
Cyber threats emerging from the coronavirus pandemic will be a key element of UKAuthority’s next Cyber4Good conference, set to take place as a virtual event, with three 90-minute sessions on 9, 10 and 11 September. It will look at how organisations can defend the sensitive data that is playing a crucial part in coordinating the public sector response and research into the pandemic.