APT29 has been tracked for years and is most closely associated with the Russian intelligence services. Past attacks from the group utilized the same techniques and targets. The threat actor will commonly use spear-phishing attacks and scanning for unpatched servers to target government employees or government-backed research and steal sensitive information. The United States National Security Agency and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA) both endorsed the NCSC report. Defenders should keep in mind that proper security training, especially for government employees and companies, needs to be in place to teach people how to identify spear-phishing attacks. This attack is an example of why it is imperative to patch vulnerabilities as soon as they are available. Threat actors will continue to prey on companies who not patch vulnerabilities within their network. More information can be read here: https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development The full report and IOC’s can be found here: https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development.pdf