News and Threat Analysis


We all know that, during this summer, our planet has been under a great pandemic due to China. This virus has not only affected our health; there has also been a worldwide shutdown of the economy and of businesses in some countries. There is still a lot of controversy about China, and many nations are even banning its people and products, but we all know that, in today's time, from a luxury item down to a small pin, China has some contribution in manufacturing it.

As the world's biggest manufacturer, it also manufactured a virus named Coronavirus, which affects citizens with a disease named Covid-19. Every country, institution, school, college and organization is continuously organizing webinars and hackathons to find a solution to fight this virus around the world. Even small children are now familiar with this virus; before they are taught academics, they are getting familiar with the study of the virus. But Russia believes in another way.

Recent reports by UK government intelligence show that Russia is taking a short way to fight this virus. In their analysis, the UK intelligence team found systems infected with malware by APT29, also popularly known as 'the Dukes' or 'Cozy Bear': the systems where all research related to the COVID-19 vaccine is stored, i.e. the systems of medical and research organizations in the UK.

We all know how, in this worldwide outbreak, the intensity of attacks has increased, whether it is small entities such as individuals being affected by phishing attacks or large organizations, public or private, being hit by ransomware. Let's see how the UK systems were infected.


The attackers behind this attack are the well-known APT29, known by many names: CozyDuke, CozyBear, CozyCar, FancyBear and Office Monkeys (among others). Due to past attacks conducted by this group, they are well known for targeting high-profile victims, in this case the systems of UK government organizations focused on research and medical development. This group is known to be associated with the Russian Intelligence Services, an official Russian government organization, and they are used to keep a secret eye on their victims.

Their attack uses a simple methodology of advanced phishing to target their victims. They make use of emails and other social engineering techniques to deliver the backdoor onto the target's system. After the malware enters the system, it automatically checks for any security products on that system, then selectively spreads through the victim's system and creates a backdoor. It then communicates with its Command and Control server.

The following diagram shows how they attack:

The payload can be sent as any attachable file, either media (image, Flash, video) or an HTML document. The end motive is to run a script that downloads the actual malware in the background.
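Seen from the defender's side, the delivery path just described gives two cheap checks an e-mail gateway or triage analyst can run: does an attachment's declared media type agree with its leading bytes, and does an HTML attachment carry script that pulls content from a remote host? The script below is an added example written for this post; it is not the post's own code and not APT29 tooling. The message, filenames, hosts and the magic-byte table are constructed for the demonstration, and the set of "downloader" keywords it looks for is an assumption, not an exhaustive signature.

```python
"""Attachment triage for the delivery path described in the post.

Added example (not the post's own code, not APT29 tooling): parse an e-mail,
flag attachments whose declared media type disagrees with their magic bytes,
and flag HTML attachments whose script pulls content from a remote host.
All filenames, hosts and message contents below are constructed.
"""
import email
import re
from email import policy
from email.message import EmailMessage

# Leading bytes expected for the media types the post mentions (constructed table).
MAGIC = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "image/gif": b"GIF8",
    "application/x-shockwave-flash": b"FWS",  # uncompressed SWF only
}

# <script src="http://host/..."> or protocol-relative //host/... inside HTML
REMOTE_SRC_RE = re.compile(r"<script\b[^>]*\ssrc\s*=\s*['\"]?(?:https?:)?//", re.I)
# Inline <script> bodies, scanned for download/redirect primitives (assumed keyword list)
SCRIPT_BLOCK_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
DOWNLOADER_HINTS = ("fetch(", "xmlhttprequest", "activexobject", "location.href", "window.open(")


def html_pulls_remote_content(html: str) -> bool:
    """True when the HTML loads a remote script or its inline script fetches/redirects."""
    if REMOTE_SRC_RE.search(html):
        return True
    for body in SCRIPT_BLOCK_RE.findall(html):
        lowered = body.lower()
        if any(hint in lowered for hint in DOWNLOADER_HINTS):
            return True
    return False


def triage_attachments(raw_message: bytes) -> list:
    """Return one finding dict per suspicious attachment (empty list if clean)."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        ctype = part.get_content_type()
        data = part.get_payload(decode=True) or b""
        reasons = []
        expected = MAGIC.get(ctype)
        if expected is not None and not data.startswith(expected):
            reasons.append(f"declared {ctype} but leading bytes are {data[:4]!r}")
        if ctype == "text/html" and html_pulls_remote_content(data.decode("utf-8", "replace")):
            reasons.append("HTML attachment runs script that pulls remote content")
        if reasons:
            findings.append({"filename": name, "content_type": ctype, "reasons": reasons})
    return findings


def build_sample_message() -> bytes:
    """Constructed message with two suspicious attachments and one benign one."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "researcher@example.invalid"
    msg["Subject"] = "Trial results (constructed sample)"
    msg.set_content("Please review the attached results.")
    # Declared PNG whose bytes start with a PE header: type mismatch
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60,
                       maintype="image", subtype="png", filename="chart.png")
    # HTML attachment that loads a script from a remote host: downloader pattern
    msg.add_attachment("<html><body>Results<script src='http://stage.example.invalid/s.js'>"
                       "</script></body></html>", subtype="html", filename="results.html")
    # Genuine-looking PNG header: no finding expected
    msg.add_attachment(MAGIC["image/png"] + b"\x00" * 16,
                       maintype="image", subtype="png", filename="logo.png")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage_attachments(build_sample_message()):
        print(finding["filename"], "->", "; ".join(finding["reasons"]))
```

Run against the constructed message it reports `chart.png` (declared image, PE header) and `results.html` (remote script), and stays silent on `logo.png`. The magic-byte check is deliberately narrow: it only fires for types in the table, so unknown types pass through rather than producing noise, and a real deployment would extend the table and add a sandbox detonation for anything flagged.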

In the attack against medical and research organizations in the UK, they used custom malware, WellMess and WellMail, to attack organizations that had not previously been in any of their cyber mass attacks.


Intelligence teams of three big nations, Canada, the United States and the United Kingdom, have agreed with the statement that Russian hacking groups are highly engaged in stealing information and intellectual property relating to the development and testing of COVID-19 vaccines. This behaviour is absolutely not acceptable to any nation that is working hard to develop a vaccine against the virus. It is better if we all unite and fight this coronavirus in a peaceful manner.