UK, US and Canada allege Russian cyberattacks on Covid-19 research centers




A notice published by the National Cyber Security Centre (NCSC) in the United Kingdom details the activities of the Russian hacking group and explicitly calls out the targeting of American, British and Canadian vaccine research and development organizations.

“The APT29 malicious activity campaign continues, primarily against government, diplomats, think tanks, healthcare and energy targets to steal valuable intellectual property,” said a press release.

Cozy Bear is one of two hacking groups linked to the Russian intelligence services that are believed to have accessed the internal systems of the National Democratic Committee before the 2016 American elections, but Thursday’s announcement is the first time that this group has been named in connection with cyberattacks related to the coronavirus pandemic.

US, UK and Canadian authorities have issued several warnings about state-supported cyber attacks against organizations involved in the response to the coronavirus in recent months.


In April, CNN also reported a growing wave of cyber attacks by nation states and criminal groups against U.S. government agencies and medical institutions leading the pandemic response.

Hospitals, research labs, healthcare providers and pharmaceutical companies have all been affected, officials said at the time.

The Department of Health and Human Services – which oversees the Centers for Disease Control and Prevention – was also hit by a wave of daily strikes, an official with direct knowledge of the attacks told CNN, adding that Russia and China were the main culprits.

“The National Security Agency (NSA), as well as our partners, remains faithful to its commitment to protect national security by collectively issuing this critical opinion on cybersecurity while foreign players continue to take advantage of the COVID-19 pandemic underway,” NSA Cybersecurity director Anne Neuberger said in a statement Thursday.

“APT29 has a long history of targeting government, diplomatic, think tank, health care and energy organizations for information. We therefore encourage everyone to take this threat seriously and to apply the mitigations set out in the opinion,” she said.

The NCSC, which is the UK’s main cybersecurity technical authority and part of the UK Government’s communications headquarters (GCHQ), said that APT29 “would almost certainly work in the context of intelligence services”.



This assessment is also supported by partners from the Canadian Communications Security Center (CSE), the Cybersecurity Infrastructure Security Agency (CISA) of the United States Department of Homeland Security (DHS) and the National Security Agency (NSA), said the NCSC.

“We condemn these despicable attacks on those doing vital work to fight the coronavirus pandemic,” said NCSC director of operations Paul Chichester in a statement. “Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority right now is to protect the health sector.”

The press release said the NCSC had previously warned that Advanced Persistent Threat (APT) groups were targeting organizations involved in the national and international responses to Covid-19.

APT29 uses a variety of tools and techniques, including phishing and custom malware called “WellMess” and “WellMail”, according to the NCSC.

The report concludes that: “APT29 is likely to continue to target organizations involved in the research and development of COVID-19 vaccines as they seek to answer additional intelligence questions relating to the pandemic.”