Canada’s CSE says that the attack was almost certainly the work of Russian hackers known as APT29, also named “the Dukes” or “Cozy Bear”. The hackers used a multitude of techniques and tactics, including custom malware such as “WellMess” and “WellMail”, to target a number of organizations globally.
Canada’s CSE says, “The CSE and its Cyber Centre have assessed that the COVID-19 pandemic presents an elevated risk to the cyber security of Canadian health organizations involved in the national response to the pandemic. We strongly recommend these organizations review this technical advisory, including the indicators of compromise (IOCs), and take any necessary actions to protect themselves from cyber threats. We encourage them as well to contact the Cyber Centre if they suspect they have been targeted by cyber actors.”
The CSE has been posting advice and guidance online since the start of COVID-19, to help inform and educate Canadians on the cyber threats that may be directed against Canada.
CSE information and guidance
- Staying cyber-healthy during COVID-19 isolation
- 5 ways to protect yourself against COVID-19 scams
- Cyber Hygiene for COVID-19
- 7 signs of phishing
- What is phishing?
- Signs of a phishing campaign: How to keep yourself safe
- Phishing: an introduction
- Spotting and handling malicious emails
- Protect your organization from malware