A 16-page advisory prepared by Western agencies and made public Thursday accuses Cozy Bear of using custom malicious software to target a number of organizations globally.
The malware, called WellMess and WellMail, has not previously been associated with the group, the advisory said.
“In recent attacks targeting Covid-19 vaccine research and development, the group conducted basic vulnerability scanning against specific external IP addresses owned by the organizations. The group then deployed public exploits against the vulnerable services identified,” the advisory said.
Cozy Bear is one of two hacking groups suspected of separate break-ins of computer networks of the Democratic National Committee before the 2016 U.S. election.
Stolen emails were then published by WikiLeaks in what U.S. intelligence authorities say was an effort to aid Trump's campaign over Democratic rival Hillary Clinton.
A report on Russian election interference by former special counsel Robert Mueller called out another group, Fancy Bear, in the hack-and-leak operation.
Cozy Bear, though, operates "quietly gaining access and gathering intelligence," said Hultquist of the Mandiant cybersecurity firm.
Their goal, he said, is “good old-fashioned espionage.”
Separately on Thursday, Britain accused “Russian actors” of trying to interfere in December’s U.K. national election by circulating leaked or stolen documents online.
Unlike in the vaccine report, the U.K. did not allege that the Russian government was involved in the political meddling. (Writer: Eric Tucker, Jill Lawless, Danica Kirka)