Britain, the United States and Canada accused Russia on Thursday of trying to steal information from researchers looking for a COVID-19 vaccine.
The three nations have alleged that the hacking group APT29, also known as Cozy Bear, which is believed to be part of the Russian intelligence services, is attacking academic and pharmaceutical research institutions involved in the development of a vaccine against coronaviruses.
The British National Cyber Security Center made the announcement, which was coordinated with US and Canadian authorities.
“It is completely unacceptable that Russian intelligence services are targeting those fighting the coronavirus pandemic,” said Foreign Minister Dominic Raab in a statement. “... with the hard work of finding a vaccine and protecting global health.”
Persistent and continuous attacks are viewed by intelligence officials as an effort to steal intellectual property, rather than to disrupt research. The “malicious activity” campaign is ongoing and includes attacks “primarily against government, diplomatic, think tank, healthcare and energy targets,” said the National Cyber Security Center in a statement.
It was unclear if any information had been stolen, but the center said the individuals’ confidential information would not be compromised.
The Kremlin said that Russia had nothing to do with hacking and theft of COVID-19 vaccine data, according to the Russian news agency TASS.
British Cybersecurity Center director of operations Paul Chichester urged “organizations to familiarize themselves with the advice we have published to help defend their networks.”
The statement does not say whether Russian President Vladimir Putin was aware of the hacking of vaccine research, but British officials believe such information would be greatly appreciated.
A 16-page notice released Thursday by Britain, the United States and Canada accuses Cozy Bear of using custom malware to target a number of organizations around the world. The malware, called WellMess and WellMail, was not previously associated with the hacking group, the advisory said.
“In recent attacks targeting the research and development of COVID-19 vaccines, the group performed a basic vulnerability analysis against specific external IP addresses held by organizations. The group then deployed public exploits against the identified vulnerable services,” the advisory said.
The US Department of Homeland Security’s cybersecurity agency warned in April that cybercriminals and other groups were targeting COVID-19 research, noting at the time that the increase in telework due to the pandemic had created potential avenues for hackers to exploit.
Vulnerable targets are health care agencies, pharmaceutical companies, universities, medical research organizations and local governments, said security officials.
The global reach and international supply chains of these organizations also make them vulnerable, said the US Cybersecurity and Infrastructure Security Agency in an alert issued jointly with its British counterparts.
CISA said it and the UK cybersecurity agency had detected threat groups scanning the external websites of the target companies and looking for vulnerabilities in unpatched software. It did not name any of the target companies.
US officials have been laying similar charges against China for months. FBI Director Chris Wray said last week, “At this very moment, China is struggling to jeopardize US health care organizations, pharmaceutical companies and academic institutions conducting essential research on COVID-19.”