Wiki – APT29

APT29 is a threat group that has been attributed to the Russian government and has operated since around 2008.

During 2020, the APT29 group targeted various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines.

APT29 has been using custom malware known as ‘WellMess’ and ‘WellMail’ to target a number of organisations globally.

The group was given other nicknames by various cybersecurity firms, including Cozy Bear, Office Monkeys, CozyCar, The Dukes (by Volexity), and CozyDuke (by F-Secure).