Russia accused of vaccine hacking
UK, US, Canada say virus research targeted
LONDON – Hackers backed by the Russian government are attempting to steal information from researchers and pharmaceutical companies racing to find a COVID-19 vaccine, Britain, the United States and Canada alleged Thursday.
Britain’s National Cybersecurity Centre said the hackers were “almost certainly” connected to Russia’s intelligence services. Britain made the announcement in coordination with authorities in the U.S. and Canada.
The three nations alleged that hacking group APT29, also known as Cozy Bear, is attacking academic and drug research institutions involved in coronavirus vaccine development. The announcement did not specify which institutions and companies had been targeted or whether any vaccine information had been stolen.
“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic, Dominic Raab, Britain’s foreign secretary, said in a statement. “While others pursue their selfish interests with reckless behavior, the U.K. and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
The National Cybersecurity Centre said that it had detected a prolonged campaign of “malicious activity” from Russia-backed hackers that includes attacks “predominantly against government, diplomatic, think-tank, healthcare and energy targets.”
The statement from the National Cybersecurity Centre did not say whether Russian President Vladimir Putin knew about the vaccine research hacking.
The Russian Foreign Ministry did not immediately respond to a request for comment.
Matthew Schmidt, a political scientist at the University of New Haven, said that the hacked vaccine research is a
“statement of the weakness of Russian science under 20 years of Putin’s rule.”
Cozy Bear, also known as the “dukes,” has been identified by Washington as one of two Russian government-linked hacking groups that broke into the Democratic National Committee computer network and stole emails ahead of the 2016 presidential election. The other group is usually called Fancy Bear.
A 16-page advisory made public by Britain, the U.S. and Canada on Thursday accuses Cozy Bear of using malicious software to target a number of organizations globally. The malware, called WellMess and WellMail, has not previously been associated with the hacking group, the advisory said.
“In recent attacks targeting COVID-19 vaccine research and development, the group conducted basic vulnerability scanning against specific external IP addresses owned by the organizations. The group then deployed public exploits against the vulnerable services identified,” the advisory said.
The U.S. Department of Homeland Security’s cybersecurity agency warned in April that cybercriminals and other groups were targeting COVID-19 research, noting at the time that the increase in people teleworking because of the pandemic had created potential avenues for hackers to exploit.
Vulnerable targets include health care agencies, pharmaceutical companies, academia, medical research organizations, and local governments, security officials have said.
The global reach and international supply chains of these organizations also make them vulnerable, the U.S. Cybersecurity and Infrastructure Security Agency said in an alert published with its counterparts in Britain.
U.S. authorities have for months leveled similar accusations against China.
Speaking in Michigan on Thursday, Attorney General William Barr said that China-linked “hackers have targeted American universities and firms in a bid to steal (intellectual property) related to coronavirus treatments and vaccines, sometimes disrupting the work of our researchers . ... Beijing is desperate for a public relations coup, and may hope that it will be able to claim credit for any medical breakthroughs.”
Barr also said that American companies, particularly medical suppliers, have become extraordinarily reliant on China for face masks, medical gowns and other medical devices and that the COVID-19 pandemic “has thrown a spotlight on that dependency.”