Hackers linked to Russian intelligence services are attempting to steal coronavirus vaccine research from pharmaceutical companies and other organizations, according to security officials from the U.S., the U.K., and Canada.
The three nations alleged on Thursday that hacking group APT29, also known as "Cozy Bear" and "the Dukes," is trying to steal COVID-19 vaccine research. The U.S. National Security Agency, U.K.'s National Cyber Security Centre, and Canada's Communications Security Establishment all agree that the hacker group is "almost certainly part of the Russian intelligence services."
"Throughout 2020, APT29 has targeted various organizations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines," according to the U.K.'s National Cyber Security Centre. "The group uses a variety of tools and techniques to predominantly target governmental, diplomatic, think-tank, healthcare and energy targets for intelligence gain."
APT29, which is associated with the Russian military spy agency GRU, is reportedly using custom malicious software to target organizations around the world. The malware being used is called "WellMess" and "WellMail," according to the 16-page advisory.
Targets include health care agencies, pharmaceutical companies, academia, medical research organizations, and local governments, security officials warned.
"In recent attacks targeting COVID-19 vaccine research and development, the group conducted basic vulnerability scanning against specific external IP addresses owned by the organizations," the joint advisory stated. "The group then deployed public exploits against the vulnerable services identified."
"It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic," said Dominic Raab, Britain's foreign secretary. "While others pursue their selfish interests with reckless behavior, the U.K. and its allies are getting on with the hard work of finding a vaccine and protecting global health."
"APT29 is likely to continue to target organizations involved in COVID-19 vaccine research and development, as they seek to answer additional intelligence questions relating to the pandemic," the advisory concludes.
Russia has denied the allegations.
"We do not have information on who might have hacked into pharmaceutical companies and research centers," Russian spokesman Dmitry Peskov told the TASS news agency. "We can only say one thing: Russia has nothing to do with these attempts. We do not accept these accusations, as well as the usual accusations of interference in the 2019 (sic) election."
U.S. officials have made similar accusations about theft of COVID-19 research against China.
"At this very moment, China is working to compromise American health care organizations, pharmaceutical companies, and academic institutions conducting essential COVID-19 research," FBI Director Chris Wray said last week.
Cozy Bear was identified as one of the Russian-linked groups that hacked into the Democratic National Committee computer network and stole emails and phone calls before the 2016 presidential election.
In early April, the U.S. Department of Homeland Security issued a warning that cyber espionage groups were attempting to exploit the coronavirus pandemic.
"Both [Cybersecurity and Infrastructure Security Agency] and [National Cyber Security Centre] are seeing a growing use of COVID-19-related themes by malicious cyber actors," the alert stated. "At the same time, the surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks, amplifying the threat to individuals and organizations."