Malicious Activity Targeting COVID-19 Research, Vaccine Development

In response to malicious activity targeting COVID-19 research and vaccine development in the United States, United Kingdom (UK), and Canada, the National Security Agency (NSA) released a Joint Cybersecurity Advisory to expose the threat. A malicious cyber actor is using a variety of tools and techniques to target organizations involved in COVID-19 research and vaccine development. Tools include SOREFANG, WELLMESS, and WELLMAIL malware.

Review the Joint Cybersecurity Advisory and the following Malware Analysis Reports for more information and to apply the mitigations provided.

Details of Techniques

Initial Infection Vectors

In recent attacks targeting COVID-19 vaccine research and development, the group conducted basic vulnerability scanning against specific external IP addresses owned by the organizations.

The group then deployed public exploits against the vulnerable services identified. The group has been successful using recently published exploits to gain initial footholds. Examples include, but are not limited to:

The group also uses spear-phishing to obtain authentication credentials to internet-accessible login pages for target organizations.