Operation Vaccine Development
The APT29 threat group, also known as Cozy Bear, targeted a range of sectors across Canada, Great Britain, and the United States. The campaign focused on entities involved in COVID-19 vaccine development, including those in the government, diplomacy, think-tank, healthcare, and energy domains. The cyber espionage group used malware labeled WellMess, WellMail, and SoreFang to steal sensitive data, install malicious software, execute shell commands, and run scripts. For initial infection, APT29 used spear-phishing emails and exploited public-facing servers.