Northwest Arkansas Democrat-Gazette
U.S., allies say vaccine data target of Russians
LONDON — Hackers linked to a Russian intelligence service are trying to steal information from researchers working to produce coronavirus vaccines in the United States, Britain and Canada, security officials in those countries said Thursday.
The hackers, who belong to a unit known variously as APT29, “the Dukes” or “Cozy Bear,” are targeting vaccine research and development organizations in the three countries, the officials said in a joint statement. The unit is one of the two Russian spy groups that penetrated the Democratic Party’s computers in the lead-up to the 2016 presidential election.
“It is completely unacceptable that the Russian intelligence services are targeting those working to combat the coronavirus pandemic,” British Foreign Secretary Dominic Raab said.
The announcement comes as reported coronavirus cases globally have topped 13.7 million, deaths have surpassed the half-million mark, and the stakes for being first to develop a vaccine are high.
Officials did not divulge whether any of the Russian efforts have been successful, but, they said, the intention is clear. The U.K. says individuals’ confidential information is not believed to have been compromised.
The U.K. statement did not say whether Russian President Vladimir Putin knew about the vaccine research hacking, but British officials believe such intelligence would be highly prized.
“APT29 has a long history of targeting governmental, diplomatic, think tank, health care and energy organizations for intelligence gain, so we encourage everyone to take this threat seriously and apply the mitigations issued in the advisory,” said Anne Neuberger, cybersecurity director for the U.S. National Security Agency.
Moscow has denied the allegations.
Putin’s spokesman, Dmitry Peskov, rejected the British accusations, saying: “We don’t have information about who may have hacked pharmaceutical companies and research centers in Britain.”
BID FOR PRESTIGE
U.S. officials say a desire for global prestige and influence also is driving nations’ actions.
“Whatever country’s or company’s research lab is first to produce that [vaccine] is going to have a significant geopolitical success story,” John Demers, the assistant attorney general for national security, said earlier this year.
“Getting a covid-19 vaccine is the new Holy Grail,” said Lawrence Gostin, a global public-health law expert at Georgetown University. “The political competition to be the first is no less consequential than the race for the moon between the United States and Russia.”
Canada’s Communications Security Establishment, responsible for gathering foreign signals intelligence and the Canadian equivalent of the National Security Agency, said the attacks “serve to hinder response efforts at a time when health-care experts and medical researchers need every available resource to help fight the pandemic.”
A bulletin from the Canadian agency said that a Canadian biopharmaceutical company was breached by a foreign actor in mid-April, “almost certainly attempting to steal its intellectual property.”
The agency also said in May that it was investigating possible security breaches at Canadian organizations working on coronavirus-related research, but did not indicate whether the alleged breaches were state-sponsored.
“We’ve seen some compromises in research organizations that we’ve been helping to mitigate,” Scott Jones, head of the Canadian agency’s Cyber Center, told a parliamentary committee. “We’re still continuing to look through what’s the root cause of those.”
The Canadian government also released a statement, confirming that it is working with the U.S. and the U.K. to stop the “malicious cyber activities.”
‘RUSSIA’S NOT ALONE’
The joint announcement was made two months after the FBI and the Department of Homeland Security warned that China was targeting coronavirus research, and that health care, pharmaceutical and research labs should take steps to protect their systems.
“It’s not unusual” to see “cyberactivity” traced to China soon after a pharmaceutical company or research institution makes an announcement about promising vaccine research, FBI Director Christopher Wray said last week. “It’s sometimes almost the next day.”
“At this very moment, China is working to compromise American health care organizations, pharmaceutical companies, and academic institutions conducting essential covid-19 research,” Wray said.
The “biggest thing to keep in mind is Russia’s not alone,” said John Hultquist, director of intelligence analysis for the cybersecurity firm FireEye. “We’ve seen Iranian and Chinese actors targeting pharmaceutical companies and research organizations involved in the covid-19 response. This is an existential threat to almost every government on Earth and we can expect that tremendous resources have been diverted from other tasks to focus on this virus.”
A state-owned Chinese company boasted Thursday that its employees, including top executives, received experimental shots even before the government approved testing in people.
“Giving a helping hand in forging the sword of victory,” reads an online post from SinoPharm with pictures of company leaders it says helped “pre-test” its vaccine.
With a covid-19 vaccine, national pride is at stake. President Xi Jinping pledged that any Chinese-made vaccine would be a “global public good.”
CUSTOM MALWARE
The Russian hacker group scanned computer Internet Protocol addresses owned by the organizations and then deployed malware to try to gain access, officials with Britain’s National Cyber Security Center said. In some cases, the hackers used custom malware known as “WellMess” and “WellMail” to conduct further operations on a victim’s system, British officials said.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” Paul Chichester, director of operations for the National Cyber Security Center, said in an emailed statement. “Working with our allies, the [center] is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.”
The World Health Organization reports that of the more than 160 vaccines being developed, 23 have begun clinical trials in humans — including top candidates being developed by academics, national laboratories and pharmaceutical companies in Britain, Canada and the United States.
Russia is developing 26 vaccines, Russian Deputy Prime Minister Tatyana Golikova said Wednesday, but only two are undergoing clinical trials. A monthlong trial on 38 people for one of the vaccines concluded this week. Kirill Dmitriev, head of the Russian Direct Investment Fund, the country’s sovereign wealth fund, told reporters that a larger trial with several thousand people is expected to begin in August.
Alongside their legitimate efforts, the Russians are probably cheating, Western analysts say.
“I have absolutely no doubt that if there was the slightest probability of stealing it, the Russians would do it,” said Jonathan Eyal, international director at the Royal United Services Institute, a London think tank.
HISTORY OF HACKING
The Russian hacking group APT29 is well known to cyber experts. U.S. intelligence officials say it is part of the SVR, Russia’s foreign-intelligence service. That outfit hacked the White House and State Department email systems in 2014. It also infiltrated the Democratic National Committee servers in summer 2015, many months before the Russian military spy agency GRU did, investigators said.
Britain’s Raab also told a parliamentary intelligence committee Thursday that “Russian actors” sought to interfere in the United Kingdom’s 2019 general election by acquiring unpublished documents used in trade talks between the U.S. and Britain, and then leaking the material on social media.
Relations between Russia and the U.K. have plummeted since former spy Sergei Skripal and his daughter were poisoned with a Soviet-made nerve agent in the English city of Salisbury in 2018 and later recovered. Britain blamed Moscow for the attack, which triggered a round of retaliatory diplomatic expulsions between Russia and Western countries.
Mike Chapple, an information technology expert at the University of Notre Dame’s Mendoza College of Business, said the Russian hackers realized that knowledge is power when it comes to covid-19.
“I think the biggest takeaway from these attacks is that other countries are actively targeting the health research industry and we’re seeing the pharmaceutical companies and others being targeted because they have the information that can be used to help alleviate this global pandemic,” he said. “It’s reasonable to conclude that the coronavirus is the No. 1 priority of every intelligence agency around the world right now.”
WARNING FOR EXECS
Attorney General William Barr, during an address at the Gerald R. Ford Presidential Museum in Grand Rapids, Mich., on Thursday, said that Beijing, “desperate for a public relations coup,” is perhaps hoping “to claim credit for any medical breakthroughs.”
Barr said the United States has become overly reliant on Chinese goods and services, including masks, medical gowns and other protective equipment designed to curb the spread of the virus, as he also cautioned American business leaders against promoting policies favorable to Beijing.
He accused hackers linked to the Chinese government of targeting American universities and businesses to steal research related to vaccine development.
“The People’s Republic of China is now engaged in an economic blitzkrieg — an aggressive, orchestrated, whole-of-government … campaign to seize the commanding heights of the global economy and to surpass the United States as the world’s preeminent technological superpower,” Barr said.
He specifically warned American corporate leaders against pushing policies favorable to the communist government, saying they could run afoul of federal foreign lobbying laws if they don’t disclose their relationship with China.
“As China’s government loses credibility around the world, the Department of Justice has seen more and more [Chinese] officials and their proxies reaching out to corporate leaders and inveighing them to favor policies and actions favored by the Chinese Communist Party,” Barr said.
Similarly, he warned, universities that welcome Chinese-funded initiatives could unwittingly lose control of academic research. And he alleged that Hollywood had fallen under Beijing’s influence, too, accusing filmmakers of censoring themselves in line with Chinese propaganda.
“Globalization does not always point in the direction of greater freedom. A world marching to the beat of Communist China’s drums will not be a hospitable one for institutions that depend on free markets, free trade, or the free exchange of ideas,” Barr said.
Information for this article was contributed by William Booth, Adam Taylor, Ellen Nakashima, Isabelle Khurshudyan, Karla Adam and Adam Taylor of The Washington Post; by Jill Lawless, Danica Kirka, Sam McNeil, Lauran Neergaard, Vladimir Isachenkov, Eric Tucker, Jonathan Lemire and Ben Fox of The Associated Press; and by Kitty Donaldson, Ryan Gallagher and Chris Strohm of Bloomberg News.