Russian cyber hackers are targeting organizations involved in the development of COVID-19 vaccines in Canada, the United Kingdom and the United States, according to security officials.
The NCSC said a group known as APT29 — or “the Dukes” or “Cozy Bear” — that is “almost certainly part of the Russian intelligence services” is conducting the attacks in order to steal information and intellectual property about COVID-19 vaccine development and testing.
The group targeted government departments, diplomatic missions, think tanks, and health care and energy targets in order to gain intelligence.
“The attacks which are taking place against scientists and others doing vital work to combat coronavirus are despicable,” a spokesman for U.K. Prime Minister Boris Johnson told reporters, according to Politico.
“Working with our allies, we will call out those who seek to do us harm in cyber space and hold them to account.”
APT29 is allegedly using custom malware known as “WellMess” and “WellMail” to gain access to targeted organizations; however, the report did not say what the group would do once inside a system.
The NCSC also provided detection and mitigation advice for targeted groups.
“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,” British Foreign Secretary Dominic Raab said in a statement.
“While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health. The UK will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account.”
The analysis is backed by the Canadian Communications Security Establishment, as well as the U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency and National Security Agency.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” NCSC Director of Operations Paul Chichester told Politico.
“Working with our allies, the NCSC is committed to protecting our most critical assets, and our top priority at this time is to protect the health sector.”
APT29 “has been linked to Russian intelligence and was blamed for hacking Democratic Party emails in the 2016 U.S. presidential election,” NPR reported.
“APT29 has a long history of targeting governmental, diplomatic, think-tank, health care and energy organizations for intelligence gain, so we encourage everyone to take this threat seriously,” said Anne Neuberger, the National Security Agency’s cybersecurity director.
Russia denied the accusation via a statement in the state-run Tass news agency.
“We can say one thing — Russia has nothing at all to do with these attempts,” Russian President Vladimir Putin’s spokesman, Dmitry Peskov, said.
It was unclear as of Friday morning if any sensitive information had been obtained.