Cyberspies’ bid to steal vaccine research
Hackers linked to a Russian intelligence service are trying to steal information from researchers working to produce coronavirus vaccines in the United States, Britain and Canada, security officials in those countries said yesterday.
The hackers, who belong to a unit known variously as APT29, ‘‘the Dukes’’ or ‘‘Cozy Bear,’’ are targeting vaccine research and development organisations in the three countries, the officials said in a joint statement.
The unit is one of the two Russian spy groups that penetrated the Democratic Party’s computers in the lead-up to the 2016 presidential election.
‘‘It is completely unacceptable that the Russian intelligence services are targeting those working to combat the coronavirus pandemic,’’ British Foreign Secretary Dominic Raab said.
The announcement comes as reported coronavirus cases globally have topped 13.5 million, deaths have surpassed the half-million mark, and the stakes for being first to develop a vaccine are high.
Officials did not divulge whether any of the Russian efforts have been successful, but, they said, the intention is clear.
‘‘APT29 has a long history of targeting governmental, diplomatic, think tank, health-care and energy organisations for intelligence gain, so we encourage everyone to take this threat seriously and apply the mitigations issued in the advisory,’’ said Anne Neuberger, cybersecurity director for the US National Security Agency.
Moscow has denied the allegations.
‘‘We have no information on who could have hacked pharmaceutical companies and research centers in Britain,’’ Kremlin spokesman Dmitry Peskov told the Tass state news agency. ‘‘We can only say this: Russia has nothing to do with these attempts.’’
US officials say a desire for global prestige and influence also is driving nations’ actions.
‘‘Whatever country’s or company’s research lab is first to produce that [vaccine] is going to have a significant geopolitical success story,’’ Assistant Attorney General for National Security John Demers said earlier this year.
Canada’s Communications Security Establishment, responsible for gathering foreign signals intelligence and the Canadian equivalent of the NSA, said the attacks ‘‘serve to hinder response efforts at a time when health-care experts and medical researchers need every available resource to help fight the pandemic.’’
A CSE bulletin said that a Canadian biopharmaceutical company was breached by a foreign actor in mid-April, ‘‘almost certainly attempting to steal its intellectual property.’’
The agency also said in May that it was investigating possible security breaches at Canadian organisations working on coronavirus-related research, but did not indicate whether the alleged breaches were state-sponsored.
‘‘We’ve seen some compromises in research organisations that we’ve been helping to mitigate,’’ Scott Jones, head of the CSE’s Cyber Center, told a parliamentary committee. ‘‘We’re still continuing to look through what’s the root cause of those.’’
The joint announcement comes two months after the FBI and Department of Homeland Security warned that China was also targeting covid-19 research, and that health-care, pharmaceutical and research labs should take steps to protect their systems.
‘‘It’s not unusual’’ to see ‘‘cyber activity’’ traced to China soon after a pharmaceutical company or research institution makes an announcement about promising vaccine research, FBI Director Christopher A. Wray said last week. ‘‘It’s sometimes almost the next day.’’
Attorney General William P. Barr said yesterday that Beijing, ‘‘desperate for a public relations coup,’’ is perhaps hoping ‘‘to claim credit for any medical breakthroughs.’’
The ‘‘biggest thing to keep in mind is Russia’s not alone,’’ said John Hultquist, director of intelligence analysis for the cybersecurity firm FireEye. ‘‘We’ve seen Iranian and Chinese actors targeting pharmaceutical companies and research organizations involved in the covid-19 response. This is an existential threat to almost every government on Earth and we can expect that tremendous resources have been diverted from other tasks to focus on this virus.’’
The Russian hacker group scanned computer IP addresses owned by the organisations and then deployed malware to try to gain access, officials with Britain’s National Cyber Security Centre said. In some cases, the hackers used custom malware known as ‘‘WellMess’’ and ‘‘WellMail’’ to conduct further operations on a victim’s system, British officials said.