RiskIQ shares list of more than thirty IP addresses of Russian malware servers

Spread the love

Security company RiskIQ has published a list of more than thirty IP addresses of Russian malware servers linked to the hacker collective APT29 and the Russian government. According to the company, the servers are currently still in active use.

The ball went according to RiskIQ rolling after a potential WellMess malware server was reported on Twitter early last month. The ip address and ssl certificate were shared on Twitter whereupon RiskIQ started to analyze it. The company searched and found more than thirty similar, active ones ip addresses and similar ssl certificates and was able to link it ‘with a great deal of certainty’ to the server infrastructure used by APT29. According to RiskIQ, the servers are still actively used by APT29. The security company cannot say which parties are targets of APT29.

APT29, also known as The Dukes of Cozy Bear, is a Russian hacker collective that last year attacked scientists from the United Kingdom, the United States and Canada who were researching the corona vaccine via malware. According to the security services of the US, UK and Canada, the hackers ‘most likely’ had the intention to steal information about the development of the vaccine. These security services say that APT29 is ‘almost certainly’ part of the Russian intelligence services.

You might also like