Hackers from Russian intelligence services are targeting organizations that are involved in COVID-19 vaccine development, according to US, UK, and Canadian authorities.
The UK’s National Cyber Security Centre (NCSC) detailed the attacks in an advisory issued Thursday. The NCSC attributes the activity to APT29, also known as “the Dukes” and “Cozy Bear,” an espionage group it assesses is almost certainly part of the Russian intelligence services. Partner agencies share that assessment, the advisory says, including Canada’s Communications Security Establishment, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), and the US National Security Agency.
The NCSC believes the hackers are collecting COVID-19 research, including vaccine development information.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” said NCSC director of operations Paul Chichester in a statement.
Dominic Raab, the UK’s foreign secretary, also spoke out against the group’s actions. “It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,” reads Raab’s statement. “While others pursue their selfish interests with reckless behavior, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
“The UK will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account,” Raab said.
“We have always supported the academia and pharma industry, both public and private sector organisations, and we have been clear that this work is our top priority at present,” an NCSC spokesperson said in an email to The Verge.
According to the NCSC advisory, APT29 uses “a variety of tools and techniques” in its operations.
“The group frequently uses publicly available exploits to conduct widespread scanning and exploitation against vulnerable systems, likely in an effort to obtain authentication credentials to allow further access,” the advisory reads. The hackers are thought to keep a large store of login information.
Once APT29 has breached its target organizations, the group “deploys custom malware ... to conduct further operations in the victim’s system.”
As COVID-19 cases grow around the world, multiple countries have warned of international cyberattacks directed at medical research. In May, the FBI and CISA formally accused China of funding and operating hacking efforts to steal novel coronavirus vaccine information from the US and its allies, stating that “the potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.” Earlier this year, the US and UK issued a warning about “advanced persistent threat groups” from countries like China, Iran, North Korea, and Russia targeting health-care organizations, pharmaceutical companies, academia, medical research groups, and local governments.