A Russian hacking group is targeting coronavirus vaccine research in Canada, the U.S. and the U.K., according to a joint statement from the three countries’ cybersecurity agencies.
The Communications Security Establishment (CSE) said in a statement Thursday that the group APT29 — also known as Cozy Bear and The Dukes — is behind the malicious activity and “almost certainly operates as part of Russian intelligence services.”
“These malicious cyber activities were very likely undertaken to steal information and intellectual property relating to the development and testing of COVID-19 vaccines and serve to hinder response efforts at a time when health-care experts and medical researchers need every available resource to help fight the pandemic,” the statement said.
The CSE said the threat assessment is “supported” by the U.K.’s Government Communications Headquarters (GCHQ) and the U.S. National Security Agency (NSA) and Department of Homeland Security’s Cybersecurity and Infrastructure Agency.
U.K. Foreign Secretary Dominic Raab said his government stands with Canada and the U.S. “against the reckless actions of Russia’s intelligence services, who we have exposed today for committing cyber attacks against those working on a COVID-19 vaccine.”
“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,” Raab said in a statement.
“While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
The U.K. National Cyber Security Centre (NCSC) published an advisory Thursday that details activity by the Russian hacking group. Cozy Bear is one of two hacking groups believed to have accessed the Democratic National Committee’s internal systems in the lead-up to the 2016 U.S. election.
APT29 uses a variety of tools and techniques, including “spear phishing” and custom malware known as WellMess and WellMail, according to the NCSC. Spear phishing involves delivering malicious software through emails that appear to come from a trusted source.
“Throughout 2020, APT29 has targeted various organizations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines,” said the NCSC, which is the U.K.’s lead technical authority on cybersecurity.
APT29 conducts widespread scanning and looks for publicly vulnerable systems at organizations like hospitals, research laboratories, health-care providers and pharmaceutical companies.
“This broad targeting potentially gives the group access to a large number of systems globally, many of which are unlikely to be of immediate intelligence value,” the NCSC said. “The group may maintain a store of stolen credentials in order to access these systems in the event that they become more relevant to their requirements in the future.”
In May, the CSE and the Canadian Security Intelligence Service warned that Canada’s research on the response to the COVID-19 pandemic is at an “elevated level of risk” for state-sponsored hacking and espionage.
More to come.
© 2020 Global News, a division of Corus Entertainment Inc.