RiskIQ laid bare more than 30 active C&C servers delivering WellMess and WellMail malware, allegedly owned by Russian-speaking attack group APT29. It is infamous for targeted attacks aimed at U.S. organizations. Federal agencies and organizations are suggested to stay vigilant, focus on proactive defense strategy, and leverage the IOCs provided in the RiskIQ report.