Microsoft-owned cybersecurity subsidiary RiskIQ uncovers new command-and-control infrastructure belonging to Russian threat actor APT29, aka Cozy Bear. The infrastructure is believed to be serving WellMess malware as part of an ongoing attack campaign. One of the servers is thought to have been active as early as October 9, 2020, although it’s not clear how these servers are being used or who the targets are. The activity is being tracked under various codenames, including UNC2452, Nobelium, SolarStorm, StellarParticle, Dark Halo, and Iron Ritual.
Source: https://thehackernews.com/2021/07/experts-uncover-several-c-servers.html

