EXPOSED, RUSSIAN VACCINE SPIES
Putin’s hackers are trying to plunder UK Covid research, warn cyber chiefs
RUSSIAN spies are trying to steal groundbreaking British research into a coronavirus vaccine, the National Cyber Security Centre warned yesterday.
In a dramatic joint statement with counterparts in the United States and Canada, Britain’s cyber security agency accused the Kremlin of deploying hackers to try to steal Western research into combating the virus.
Targets have included Oxford University and Imperial College London, which are undertaking world-leading work to develop a vaccine. Security sources said the sophisticated espionage attacks were authorised at the ‘highest levels’ of the Russian regime, and may have been ordered by Vladimir Putin himself.
Paul Chichester, director of operations at the National Cyber Security Centre, urged organisations involved in coronavirus research to shore up their defences.
He added: ‘We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.
‘ Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.’
Downing Street also condemned Russia’s bid to steal the West’s vaccine research.
The Prime Minister’s official spokesman said: ‘ The attacks which are taking place against scientists and others doing vital work to combat coronavirus are despicable.
‘Working with our allies, we will call out those who seek to do us harm in cyberspace and hold them to account.’
Security sources declined to say whether the UK has deployed its offensive cyber-capability against the Russian hackers, but said the intelligence agencies had ‘a variety of ways’ of responding.
Sources said the Russian attacks began in February when global concern about the coronavirus began to escalate.
They were carried out by the infamous Cozy Bear unit, which has been named as the source of a string of offensive operations against the West.
The shadowy cell, also known as APT29 and The Dukes, has not previously been publicly linked to Russia’s state intelligence service.
But a joint assessment by the UK, US and Canada yesterday said it was ‘almost certainly part of the Russian intelligence services’.
It added: ‘ Throughout 2020, APT29 has targeted various organisations involved in Covid-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of Covid-19 vaccines.’
The allies warned that the hostile group ‘is likely to continue to target organisations involved in Covid-19 vaccine research and development, as they seek to answer additional intelligence questions relating to the pandemic’.
Research projects at Oxford and Imperial are among the most promising vaccine programmes in the world. This week it emerged that a phase one trial at Oxford involving 1,000 British volunteers appeared to stimulate an immune response – potentially a major breakthrough.
Yesterday’s joint report indicated that the Cozy Bear cell has had only limited success, saying it had gained only ‘initial footholds’ in vulnerable systems.
The NCSC has been working with British researchers and drug companies this year on shoring up their defences against attacks. Russia was the only hostile state named yesterday but sources have previously suggested that both China and Iran have made attempts to steal data.
The joint report found that the Russian hackers have deployed a range of techniques to try to infiltrate Western research establishments.
These include targeting wellknown vulnerabilities in popular
‘Stealing information’
software, including ‘virtual private network’ or VPN applications.
Once inside a network, the hackers attempt to acquire the identities of legitimate users in order to maintain ‘ persistent access’ to the system.
In some cases, the group then deploys a malware programme, codenamed ‘WellMess’ in order to download files or plant viruses.
Another method used by Cozy Bear is the simple technique of ‘phishing’ – sending emails that a recipient believes come from a trusted source.
Security sources said the hacks on vaccine programmes were largely designed to steal information rather than disrupt systems.
The report warned that the Cozy Bear cell has deployed ‘widespread scanning’ of vulnerabilities in order to gain access to a ‘broad’ range of Western establishments. In many cases the intelligence gained is
‘unlikely to be of immediate use’, said the report.
But the group has collected a store of ‘stolen credentials’ in order to access their systems ‘in the event that they become more relevant to their requirements’.
A leading Russian researcher said this week that Moscow planned to begin final-stage testing of a potential vaccine next month. Russia has reported the fourth highest number of coronavirus cases, after the United States, Brazil and India. It has recorded 11,614 fatalities, a toll far lower than in similarly affected countries, but has faced questions about the reliability of its data.
Russian hackers have previously targeted the Foreign Office, and the Ministry of Defence’s Porton Down laboratory in 2018 after the attempted assassination of Sergei Skripal and his daughter Yulia using novichok in Salisbury.