How Russia hackers are 'targeting' COVID-19 vaccine, treatment research
A co-ordinated statement from Britain, the United States and Canada attributed the attacks to group APT29, also known as "Cozy Bear". The same group has been linked to attacks on the US Democratic party in the run-up to 2016 elections.
Spies backed by the Russian state are trying to steal COVID-19 vaccine and treatment research from academic and pharmaceutical institutions in the UK, US and Canada, a group of security services has warned.
Britain's National Cyber Security Centre (NCSC) on Thursday said that the hackers "almost certainly" operated as "part of Russian intelligence services". It did not mention which organisations had been targeted, or whether any information had been stolen. However, it said vaccine research had not been hindered by the hackers, the BBC reported.
The warning was published by an international group of security services:
-- The UK's NCSC
-- The Canadian Communication Security Establishment (CSE)
-- The United States Department for Homeland Security (DHS) Cyber-security Infrastructure Security Agency (CISA)
-- The US National Security Agency (NSA)
THE GROUP ACCUSED OF BEING RESPONSIBLE
A co-ordinated statement from Britain, the United States and Canada attributed the attacks to group APT29, also known as "Cozy Bear".
"We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic," said NCSC Director of Operations Paul Chichester.
Cozy Bear was first identified as being a significant "threat actor" in 2014, according to the American cyber-security firm Crowdstrike. The firm describes the group as being "aggressive" in its tactics and "nothing if not flexible, changing tool sets frequently".
The group has previously been linked to attacks on the US Democratic National Committee (DNC) during the US Presidential election in 2016. In 2017, it reportedly attacked Norway's Labour Party, Defence and Foreign Ministries, as well as the country's national security service.
It has previously been alleged that the group is controlled by the Russian FSB spy agency or its SVR foreign intelligence agency.
Cybersecurity researchers said an APT29 hacking tool was used against clients located in the United States, Japan, China and Africa over the last year.
The NCSC said the group's attacks were continuing and used a variety of tools and techniques, including spear-phishing and custom malware. "Throughout 2020, APT29 has targeted various organisations involved in Covid-19 vaccine development in Canada, the US and the UK, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines," it said.
"APT29 is likely to continue to target organisations involved in COVID-19 vaccine research and development, as they seek to answer additional intelligence questions relating to the pandemic," the NCSC added. Governments, thinktanks and the energy sector are also being targeted. The report included recommendations that can help protect organisations from cyber-attacks.
Russia has denied responsibility. "We do not have information about who may have hacked into pharmaceutical companies and research centres in Great Britain. We can say one thing - Russia has nothing at all to do with these attempts," said Dmitry Peskov, a spokesman for President Vladimir Putin, according to the Tass news agency.
He also said that the allegations were not backed by proper evidence.
In a separate announcement Britain also accused "Russian actors" of trying to interfere in its 2019 election by trying to spread leaked documents online. Russia's foreign ministry said those accusations were "foggy and contradictory".
Britain is expected to publish a long-delayed report into Russian influence in British politics next week.
British Foreign Minister Dominic Raab said it was "completely unacceptable" for Russian intelligence services to target work on the pandemic. "While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health," he said in a statement. He said Britain would work with allies to hold perpetrators to account.
The US Department of Homeland Security and US Cyber Command also released technical information on Thursday about three hacking tools being deployed by the Russian hackers, codenamed WELLMAIL, SOREFANG and WELLMESS.
Private sector cybersecurity researchers who had spotted the WELLMESS malware over the last year were unaware of its Russian origins until Thursday. In several cases, WELLMESS was found within US pharmaceutical companies, said three investigators familiar with the matter.
The tool allowed the hackers to stealthily gain remote access to secure computers. The investigators declined to name the victims.
Britain and the US said in May that networks of hackers were targeting national and international organisations responding to the pandemic. But such attacks have not previously been explicitly connected to the Russian state.