Hackers linked to Russian intelligence services are targeting COVID-19 vaccine researchers in the U.S., UK, and Canada in an attempt to steal information and intellectual property relating to the development and testing of vaccines, the UK’s National Cyber Security Centre (NCSC) said on Thursday.
According to an advisory published by the NCSC, a Russian hacking group known as “APT29,” “The Dukes” and “Cozy Bear” is trying to steal “valuable intellectual property” from vaccine researchers. The group has been responsible for a slew of attacks against governments and other organizations in recent years.
The group is “almost certainly part of the Russian intelligence services,” said the joint statement by the UK’s NCSC, Canada’s Communications Security Establishment (CSE), the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA).
The APT29 hacking group has been accused of using spear-phishing and custom malware known as ‘WellMess’ and ‘WellMail’ to target several organisations globally. This includes those organisations involved with COVID-19 vaccine development.
APT29’s campaign of malicious activity is ongoing, predominantly against government, diplomatic, think-tank, healthcare and energy targets to steal valuable intellectual property.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic. Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector. We would urge organisations to familiarise themselves with the advice we have published to help defend their networks,” NCSC Director of Operations, Paul Chichester, said.
“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,” U.K. Foreign Secretary Dominic Raab said in a statement. “While others pursue their selfish interests with reckless behaviour, the U.K. and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
In May this year, the UK and the U.S. said that networks of hackers were targeting national and international organisations that are racing to develop the COVID-19 vaccine.
The Russian government-linked group Cozy Bear, also known as the “Dukes”, has been identified by Washington as one of the two Russian government-linked hacking groups responsible for hacking the Democratic Party computer network and stealing emails before the 2016 U.S. election.
Russian officials denied any involvement by the Russian state in COVID-19-related hacking and theft of vaccine data.
“We do not have information on who might have hacked into pharmaceutical companies and research centers. We can only say one thing: Russia has nothing to do with these attempts. We do not accept these accusations, as well as the usual accusations of interference in 2019 (U.K.) election,” Kremlin spokesman Dmitry Peskov told Russia’s TASS news agency. He said that the allegations were not backed by proper evidence.