Russian hackers are trying to steal COVID-19 vaccine research from the US through cyber attacks against medical organizations and universities, according to security officials.
The 16-page advisory prepared by the US National Security Agency and made public by Britain, the US and Canada accused APT29, also known as Cozy Bear and Dukes, of using custom malicious software to target a number of organizations globally.
Cozy Bear has been identified by Washington as one of two Russian government-linked hacking groups that broke into the Democratic National Committee computer network and stole emails ahead of the 2016 presidential election.
The other group is usually called Fancy Bear. The groups are said to specialize in exploiting known vulnerabilities in software and then rapidly ‘weaponizing’ them.
‘In recent attacks targeting COVID-19 vaccine research and development, the group conducted basic vulnerability scanning against specific external IP addresses owned by the organizations. The group then deployed public exploits against the vulnerable services identified,’ the advisory said.
The malware, called WellMess and WellMail, has not previously been associated with the hacking group, the advisory said.
According to security officials, the hacking group has engaged in an ongoing campaign of ‘malicious activity’.
Security chiefs believe the group is ‘almost certainly’ operating as part of Russian Intelligence Services, with officials confident the Kremlin has given the green light for the activity.
The three nations believe the purpose of the Russian attacks is to steal intellectual property so that Moscow can develop a coronavirus vaccine first or at least at the same time as the US, UK and Canada.
Authorities did not reveal which pharmaceutical and academic institutions have been targeted by the hackers.
But the University of Oxford, which is one of the global leaders in research for a potential vaccine for COVID-19, has previously confirmed it was taking advice from security experts on the issue of cyber attacks linked to coronavirus data.
It was unclear whether any information actually was stolen but the center says individuals’ confidential information is not believed to have been compromised.
Anne Neuberger, the National Security Agency’s cybersecurity director, said: ‘The National Security Agency (NSA), along with our partners, remains steadfast in its commitment to protecting national security by collectively issuing this critical cybersecurity advisory as foreign actors continue to take advantage of the ongoing COVID-19 pandemic.
‘APT29 has a long history of targeting governmental, diplomatic, think-tank, health care and energy organizations for intelligence gain so we encourage everyone to take this threat seriously and apply the mitigations issued in the advisory.’
The US Department of Homeland Security’s cybersecurity agency warned in April that cybercriminals and other groups were targeting COVID-19 research, noting at the time that the increase in people teleworking because of the pandemic had created potential avenues for hackers to exploit.
Vulnerable targets include health care agencies, pharmaceutical companies, academia, medical research organizations, and local governments, security officials have said.
The statement did not say whether Russian President Vladimir Putin knew about the vaccine research hacking, but British officials believe such intelligence would be highly prized.
‘It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,’ Britain’s Foreign Secretary Dominic Raab said in a statement.
‘While others pursue their selfish interests with reckless behavior, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.’
The Russian Foreign Ministry did not immediately respond to a request for comment.
US authorities have for months leveled similar accusations against China.
FBI Director Chris Wray said last week: ‘At this very moment, China is working to compromise American health care organizations, pharmaceutical companies, and academic institutions conducting essential COVID-19 research.’