The hackers are disguised under several names, APT29, the Dukes or Cozy Bear. The National Computer Security Center (NCSC) confirms with ninety-five percent certainty that APT29 is part of Russian intelligence. Dominic Raab, Foreign Secretary stated:
It is completely unacceptable that the Russian intelligence services are targeting those working to combat the coronavirus pandemic. While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.
Several international agencies published the warning; UK’s -NCSC; Canadian Communication Security Establishment (CSE); United States Cyber-security (CISA); and US National Security (NSA). They warned the hackers used malware: WellMess and WellMail to retrieve files from infected machines. They also got login information with spear-phishing attacks.
The group APT29 has repeatedly targeted organizations who are involved in The development of Covid-19 vaccines.