see url:
https://www.theregister.com/2021/07/30/riskiq_reveals_30_svr_apt29_c2_servers/?td=keepreading-btm
see full article...
Quote<<<
Details of 30 servers thought to be used by Russia's SVR spy agency (aka
APT29) as part of its ongoing campaigns to steal Western intellectual
property were made public today by RiskIQ.
Russia's Foreign Intelligence Service "is actively serving malware
(WellMess, WellMail) previously used in espionage campaigns targeting
COVID-19 research in the UK, US, and Canada," according to the threat
intel firm.
"Team Atlas assesses with high confidence that these IP addresses and
certificates are in active use by APT29 at the time of this writeup,"
said RiskIQ in its blog post. "We were unable to locate any malware
which communicated with this infrastructure, but we suspect it is likely
similar to previously identified samples."
Previously the SVR was linked to the WellMess malware, seen being
deployed against Western medical science institutions in early 2020 as
nation states raced to develop effective vaccines against COVID-19.
In revealing these 30 servers' IP addresses and details of their SSL
certificates, RiskIQ follows the lead of the US CISA infosec agency,
which in April told the world exactly what the SVR was deploying and
from where, along with offering avoidance advice. The company also
highlighted Japan's CERT's uncovering of WellMess as a new malware
strain targeting Windows and Linux back in 2018.
>>>End of Quote
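The disclosure quoted above is a list of server IP addresses and TLS certificate details; the defender-side use of such a list is to match it against TLS connections seen on the network. The following is an added example, not code from The Register, RiskIQ, or the original post. The indicator values and log lines are constructed placeholders (TEST-NET addresses and dummy SHA-1 fingerprints), not the published APT29 infrastructure, and the simplified Zeek-style ssl.log column layout is an assumption made for the example.

```python
"""Match observed TLS connections against a published C2 indicator list.

Added example. The indicator values and log excerpt are constructed
placeholders, not RiskIQ's real APT29 data.
"""
import re
from dataclasses import dataclass

# Constructed indicator set: placeholders standing in for a published C2 list.
# These are NOT the real addresses or certificates disclosed by RiskIQ.
IOC_IPS = {"203.0.113.10", "198.51.100.77"}
IOC_CERT_SHA1 = {"0123456789abcdef0123456789abcdef01234567"}

# Constructed, simplified Zeek-style ssl.log excerpt (tab-separated columns):
# ts  id.orig_h  id.resp_h  id.resp_p  server_name  cert_sha1
# Line 1: known C2 IP, unknown cert.  Line 2: benign.
# Line 3: known cert served from a NEW, unlisted IP (colon-separated, uppercase).
# Line 4: known IP and known cert together.
SAMPLE_SSL_LOG = """\
1627650000.1\t10.0.0.5\t203.0.113.10\t443\t-\tfedcba9876543210fedcba9876543210fedcba98
1627650001.2\t10.0.0.5\t192.0.2.44\t443\twww.example.com\t1111111111111111111111111111111111111111
1627650002.3\t10.0.0.9\t192.0.2.99\t8443\t-\t01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67
1627650003.4\t10.0.0.7\t198.51.100.77\t443\t-\t0123456789abcdef0123456789abcdef01234567
"""


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dst: str
    port: int
    reason: str  # "ip", "cert", or "ip+cert"


def normalize_fp(fp: str) -> str:
    """Canonicalise a fingerprint: lowercase hex with separators removed,
    so "01:23:...:67" and "0123...67" compare equal."""
    return re.sub(r"[^0-9a-f]", "", fp.lower())


def parse_ssl_log(text: str):
    """Yield one record per well-formed log line; skip blanks, comments and
    lines with the wrong column count instead of crashing on them."""
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        parts = raw.split("\t")
        if len(parts) != 6:
            continue  # malformed line: ignore
        ts, src, dst, port, sni, fp = parts
        yield {
            "ts": ts,
            "src": src,
            "dst": dst,
            "port": int(port),
            "sni": sni,
            "cert_sha1": normalize_fp(fp) if fp != "-" else "",
        }


def match_iocs(records, ioc_ips, ioc_cert_sha1):
    """Return a Hit for every record whose destination IP or presented
    certificate fingerprint is on the indicator list."""
    ioc_cert_sha1 = {normalize_fp(f) for f in ioc_cert_sha1}
    hits = []
    for r in records:
        reasons = []
        if r["dst"] in ioc_ips:
            reasons.append("ip")
        if r["cert_sha1"] and r["cert_sha1"] in ioc_cert_sha1:
            reasons.append("cert")
        if reasons:
            hits.append(Hit(r["ts"], r["src"], r["dst"], r["port"], "+".join(reasons)))
    return hits


def scan_log(text: str = SAMPLE_SSL_LOG):
    """Run the constructed log through the matcher with the placeholder IoCs."""
    return match_iocs(parse_ssl_log(text), IOC_IPS, IOC_CERT_SHA1)


if __name__ == "__main__":
    for h in scan_log():
        print(f"{h.ts} {h.src} -> {h.dst}:{h.port} matched on {h.reason}")
```

The third sample line is the reason a disclosure lists certificates as well as addresses: the same certificate presented from an address that is not on the list is still caught, so the match survives the server being moved, whereas IP-only matching would miss it.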