Coronavirus: Russian cyber raids target vaccine research

The UK, US and Canada today accused Russia of trying to steal coronavirus vaccine research by sanctioning ‘despicable’ cyber attacks against medical organisations and universities. 

The three nations issued a bombshell joint statement this afternoon claiming a hacking group called APT29, also known as Cozy Bear, is engaged in an ongoing campaign of ‘malicious activity’.  

Security chiefs believe the group is ‘almost certainly’ operating as part of Russian Intelligence Services, with officials confident the Kremlin has given the green light for the activity. 

The three nations believe the purpose of the Russian attacks is to steal intellectual property so that Moscow can develop a coronavirus vaccine first or at least at the same time as the UK, US and Canada. 

It is thought that pharmaceutical and academic institutions have been targeted by the hackers but the identity of specific targets has not been made public. 

The statement is likely to provoke a diplomatic firestorm and worsen already strained relations between the UK and Russia. 

The NCSC has concluded that APT29 ‘almost certainly operate as part of Russian Intelligence Services’. Russian President Vladimir Putin is pictured in Moscow on July 16

The Prime Minister’s Official Spokesman said: ‘The attacks which are taking place against scientists and others doing vital work to combat coronavirus are despicable. 

‘Working with our allies, we will call out those who seek to do us harm in cyber space and hold them to account.’ 

The National Cyber Security Centre (NCSC) today detailed the activity of the APT29 group. 

The NCSC has concluded that APT29 ‘almost certainly operate as part of Russian Intelligence Services’. 

The organisation’s assessment has been backed by the US Department of Homeland Security, the Cybersecurity Infrastructure Security Agency and the National Security Agency as well as by the Canadian Communication Security Establishment. 

The NCSC said APT29’s ‘campaign of malicious activity is ongoing’ and it is ‘predominantly against government, diplomatic, think-tank, healthcare and energy targets to steal valuable intellectual property’.

NCSC Director of Operations, Paul Chichester, said: ‘We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.

‘Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.

‘We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.’

The NCSC said that such attacks had been happening ‘throughout 2020’ and that APT29 had ‘targeted various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom’. 

The organisation said it is ‘highly likely’ the intention of the attacks was to steal information and intellectual property ‘relating to the development and testing of COVID-19 vaccines’. 

The NCSC has previously warned that APT groups, which stands for Advanced Persistent Threat, have been targeting organisations involved in both national and international COVID-19 responses. 

Foreign Secretary Dominic Raab said the UK will work with its allies to ‘hold perpetrators to account’ as he demanded an end to the cyber attacks. 

Dominic Raab, the Foreign Secretary, said the cyber attacks were ‘completely unacceptable’

He said: ‘It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic.

‘While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.

‘The UK will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account.’

The NCSC was set up in 2016 to boost the UK’s cyber security defences and is part of GCHQ. It is the UK’s lead technical authority on cyber security.