• Resilient Defence

Covid-19 vaccines targets for cyber attacks

Currently, the number one priority for the pharma sector is the creation and swift manufacturing of Covid-19 vaccines. As a result, this information is valuable and sought after by those in the cyber world.

The UK’s National Cyber Security Centre (NCSC) and Canada’s Communications Security Establishment (CSE) have assessed that "APT29 (also known as ‘the Dukes’ or ‘Cozy Bear’) is a cyber espionage group, almost certainly part of the Russian intelligence services." The group have been focusing on governmental, diplomatic, think-tank, healthcare and energy targets for intelligence gain.

"Throughout 2020, APT29 has targeted various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines."


The group uses spear-phishing to obtain authentication credentials to internet-accessible login pages for target organisations.

They also use custom malware known as ‘WellMess’ and ‘WellMail’ to target a number of organizations globally, including those organizations involved with COVID-19 vaccine development.

"WellMess and WellMail have not previously been publicly associated to APT29, says the NCSC."

Full report from the NCSC available here.

Contact Information

Suite 5, Providence House,
Blanchardstown Corporate Park One, Dublin 15, D15 XPT9

Privacy & Security

A subsidary of

01 291 4525

  • LinkedIn Social Icon

A member of

©2020 by Resilient Defence