March 25, 2023

The Russian cyberespionage group known as APT29 and Cozy Bear is still actively delivering a piece of malware named WellMess also known as WellMail, is a lightweight piece of malware that enables its operators to execute shell commands, as well as to upload and download files on the compromised system.

WellMess was attributed to Russia’s APT29 in 2020, when the United States, the United Kingdom and Canada said it had been used by Russian hackers in attacks aimed at academic and pharmaceutical research institutions involved in COVID-19 vaccine development.

The malware was again mentioned this year, when agencies in the US and UK published a report describing the activities of APT29, which is also believed to be behind the attack on IT management company SolarWinds.

WellMess was mentioned in the report because apparently in response to the exposure of their operation targeting vaccine makers the hackers started using an open-source adversary simulation framework named Sliver to maintain access to existing WellMess victims.

While the company is confident that the servers belong to APT29 and they are still actively used to deliver the malware, it does not have enough information to determine how the infrastructure is being used or whom it has been used to target.

Tags:

Leave a Reply

You may have missed

Github seizes Exposed RSA SSH Key

Github seizes Exposed RSA SSH Key

March 24, 2023
MITRE Risk Model Manager Platform

MITRE Risk Model Manager Platform

March 24, 2023
Pwn2Own Vancouver 2023 -Day 2 Summary

Pwn2Own Vancouver 2023 -Day 2 Summary

March 24, 2023
Pwn2Own Vancouver 2023 -Day 1 Summary

Pwn2Own Vancouver 2023 -Day 1 Summary

March 24, 2023
ServiceNow AI and Security Enhancements in Utah release

ServiceNow AI and Security Enhancements in Utah release

March 24, 2023
LionsGate Exposes User Data

LionsGate Exposes User Data

March 23, 2023
%d bloggers like this: