Cozy Bear still actively serving WellMess malware

Cybersecurity company RiskIQ indicated that APT29, also known as Cozy Bear, a hacker group connected to Russia’s intelligence services, is actively serving malware (WellMess, WellMail) via three dozen servers. The malware was previously used in espionage campaigns targeting COVID-19 research in the UK, USA, and Canada in summer 2020.

The allegations were characterised by Russian Foreign Ministry Deputy Spokesman Alexander Bikantov as ‘contrived,’ particularly because RiskIQ did not specify the malware targets.