Britain, the United States and Canada are accusing Russian hackers of trying to steal information from researchers seeking a COVID-19 vaccine
By JILL LAWLESS and DANICA KIRKA, Associated Press
July 16, 2020, 3:51 PM
LONDON -- Britain, the United States and Canada accused Russian hackers on Thursday of trying to steal information from researchers seeking a coronavirus vaccine, warning scientists and pharmaceutical companies to be alert for suspicious activity.
Intelligence agencies in the three nations alleged that the hacking group APT29, also known as Cozy Bear and said to be part of the Russian intelligence service, is attacking academic and pharmaceutical research institutions involved in COVID-19 vaccine development.
“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,” British Foreign Secretary Dominic Raab said in a statement, accusing Moscow of pursuing “selfish interests with reckless behavior.”
Russia's Foreign Ministry did not immediately respond to a request for comment.
The persistent and ongoing attacks are seen by intelligence officials as an effort to steal intellectual property, rather than to disrupt research. The campaign of “malicious activity” is ongoing and includes attacks “predominantly against government, diplomatic, think tank, health care and energy targets,” Britain's National Cyber Security Centre said in a statement.
Britain's NCSC said its assessment was shared by the U.S. Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency and the National Security Agency, and by the Canadian Communications Security Establishment.
It was unclear whether any information actually was stolen, but the U.K. says individuals’ confidential information is not believed to have been compromised.
The U.K. statement did not say whether Russian President Vladimir Putin knew about the vaccine research hacking, but British officials believe such intelligence would be highly prized.
A 16-page advisory prepared by Western agencies accuses Cozy Bear of using custom malicious software to target a number of organizations globally. The malware, called WellMess and WellMail, has not previously been associated with the hacking group, the advisory said.
“In recent attacks targeting COVID-19 vaccine research and development, the group conducted basic vulnerability scanning against specific external IP addresses owned by the organizations. The group then deployed public exploits against the vulnerable services identified,” the advisory said.
The U.S. Department of Homeland Security’s cybersecurity agency warned in April that cybercriminals and other groups were targeting COVID-19 research, noting at the time that the increase in people teleworking because of the pandemic had created potential avenues for hackers to exploit.
The global reach and international supply chains of these organizations also make them vulnerable, the U.S. Cybersecurity and Infrastructure Security Agency said in an alert published in conjunction with its counterparts in Britain.
CISA said it and the British cybersecurity agency have detected the threat groups scanning the external websites of targeted companies and looking for vulnerabilities in unpatched software. It did not identify any of the targeted companies.
U.S. authorities have for months leveled similar accusations against China. FBI Director Chris Wray said last week, “At this very moment, China is working to compromise American health care organizations, pharmaceutical companies, and academic institutions conducting essential COVID-19 research.”
---
Associated Press writers Ben Fox and Eric Tucker in Washington contributed.