Cybersecurity

Russian Hackers Continue With Attacks Despite Biden Warning

Researchers say they found 30-plus servers being used by APT29
Same hacking group accused of attacks on DNC, SolarWinds

Russian Trolls Shift Strategy to Disrupt U.S. Election in 2020 — Photographer: Andrey Rudakov/Bloomberg

Provide news feedback or report an error

Confidential tip?

Send a tip to our reporters

Site feedback:

Take our Survey

By Ryan Gallagher

July 30, 2021 at 10:00 AM UTC

This article is for subscribers only.

Security researchers say they have uncovered an ongoing hacking campaign carried out by suspected Russian spies who are continuing to stage attacks amid U.S. pressure on the Kremlin to curtail its alleged cyber-intrusions.

The California-based cybersecurity firm RiskIQ Inc. said in a report released on Friday that it had uncovered more than 30 command and control servers -- used by cybercriminals to send orders to compromised networks or receive stolen data -- associated with the state-sponsored hacking group, which is known as APT29 or Cozy Bear. The group is using the servers to deploy malicious software named WellMess, according to RiskIQ. APT stands for “advanced persistent threat,” and is a term often used to describe state-sponsored hacking groups.