US, UK, Canada allege Russia trying to hack COVID-19 vaccine researchers
The three allied countries allege that the hacking group known as APT29, or "Cozy Bear," which is largely believed to operate as part of Russia's security services, is conducting an "ongoing" cyber campaign to steal intellectual property about a possible COVID-19 vaccine.
"Russian cyber actors are targeting organisations involved in coronavirus vaccine development, UK security officials have revealed," the United Kingdom's National Cyber Security Centre (NCSC) revealed Thursday in an online post.
The NCSC said this assessment was made along with partners at the Department of Homeland Security and National Security Agency (NSA) as well as Canadian intelligence.
NSA Cybersecurity Director Anne Neuberger warned about APT29’s efforts and called for those being targeted to take the threat “seriously” and to take mitigation measures.
“The National Security Agency (NSA), along with our partners, remains steadfast in its commitment to protecting national security by collectively issuing this critical cybersecurity advisory as foreign actors continue to take advantage of the ongoing COVID-19 pandemic,” Neuberger said in a statement.
“APT29 has a long history of targeting governmental, diplomatic, think-tank, healthcare and energy organizations for intelligence gain so we encourage everyone to take this threat seriously and apply the mitigations issued in the advisory.”
British Foreign Secretary Dominic Raab, meanwhile, said in a statement that it is "completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic."
"While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health. The UK will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account," he continued.
According to the NCSC, APT29 has targeted research and development organizations in the U.K., U.S. and Canada using a variety of tools, including spear-phishing techniques and custom malware known as “WellMess” and “WellMail,” to help in its hacking attempts.
The center warns that the targets include government, the health care sector, energy sector, think tanks and others.
The NCSC said that APT29 "almost certainly" is part of Russian Intelligence Services, with Raab's office putting the confidence level of the link at 95 percent.
The U.S. and other nations have previously dealt with APT29.
Researchers tied the group to a widespread campaign in 2018 that targeted the U.S. federal government, media outlets and think tanks with spear-phishing attacks after the midterm elections, in which the House flipped control to Democrats.
In recent months, the U.S., the U.K. and Canada have also issued several warnings about nation states launching cyberattacks that targeted organizations tied to the COVID-19 response.
And the governments believe APT29 will be persistent in its efforts.
"APT29 is likely to continue to target organizations involved in COVID-19 vaccine research and development, as they seek to answer additional intelligence questions relating to the pandemic," according to the NCSC report on APT29's activities.