Researchers Find More Servers Tied to Russian-Linked Attacks August 4, 2021 Twitter Get Permission Researchers at the security firm RiskIQ have uncovered about 35 active command-and-control servers connected with an ongoing malware campaign that has been linked to a Russian-speaking attack group known as APT29 or Cozy Bear. These servers, which are located in the U.S., Austria, Bulgaria, Switzerland, Germany, Denmark, France, Hong Kong, Japan and nearly a dozen other countries, are used to host custom malware called WellMess and WellMail, RiskIQ says in a report released Friday. These malware strains have previously been deployed to target research organizations developing COVID-19 vaccines, the researchers note.