"Dozens of Active Cozy Bear C2 Servers for Data-Stealing Malware Identified"

Researchers from RiskIQ's Team Atlas reported having identified more than 30 active command-and-control (C2) servers being used by APT29, a Russia-backed advanced persistent threat (APT) group, in a campaign delivering the WellMess and WellMail malware families. Both strains were previously identified in espionage campaigns targeting COVID-19 vaccine development efforts in the UK, Canada, and the U.S. APT29, also known as Cozy Bear, has primarily targeted diplomatic, governmental, energy, and healthcare organizations, and is associated with Russia's foreign intelligence service. The researchers say APT29's use of WellMess is highly targeted, and that it is relatively rare to find signs of the malware or its C2 infrastructure in the wild. This article continues to discuss the identification of active Cozy Bear C2 servers being used to deliver WellMess and WellMail malware.

Computing reports "Dozens of Active Cozy Bear C2 Servers for Data-Stealing Malware Identified"
