Security services from the UK, the US and Canada have warned that Russian cyber spies are attempting to steal research into coronavirus vaccines and treatment methods. The attack is ongoing, with cyber experts attempting to defend research institutes, laboratories and other possible targets.
The UK’s National Cyber Security Centre (NCSC) has alleged that the group called APT29, also known as ‘the Dukes’ or ‘Cozy Bear’, is responsible for the attempted cyber attacks on coronavirus research facilities. The NCSC also went on to claim that the group ‘almost certainly operates as part of Russian intelligence services’. It is understood that the NCSC believes that knowledge of APT29’s activities is held at the highest levels of the Russian state.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” Paul Chichester, the NCSC’s director of operations, said as part of a statement released online by the organization.
“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.
“We would urge organizations to familiarize themselves with the advice we have published to help defend their networks.”
The news came on the same day that the UK government announced, in a separate development, that it had found evidence that Russian groups had attempted to interfere with last year’s general election by distributing leaked documents about a potential UK-US trade deal. Additionally, the UK’s Intelligence and Security Committee are finally due to publish a long-awaited report into Russian interference in UK politics.
“We do not have information about who may have hacked into pharmaceutical companies and research centres in Great Britain. We can say one thing – Russia has nothing at all to do with these attempts,” said Dmitry Peskov, a spokesman for President Putin, according to the Tass news agency.
The warning over the attempted hacking and cyber crimes from the Russian group came from an international group of security services comprising the UK’s NCSC, the Canadian Communications Security Establishment (CSE), the United States Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA) and the US National Security Agency (NSA).
“The received wisdom is that in cyber-space, attribution is difficult but not impossible,” commented Emily Taylor from the Chatham House think tank.
“Usually the security services are much more hedgy in their language if they think there is any doubt.
“Cozy Bear [the named group] has been implicated in past cyber-attacks and has left quite a trail, and there are fairly good links to the Russian state itself.”
The NCSC, responsible for responding to cyber attacks on the UK, have released an advisory message that includes details of how the Russian cyber spies are attempting to steal highly valuable research into treatments and vaccines for COVID-19. Such intelligence is being regarded by all countries involved as a priority, as they recognize the importance of such information in combating the global pandemic.
“We have no information about who may have hacked pharmacological companies and research centres in the United Kingdom. We can say only that Russia has nothing to do with these attempts. We do not accept the similar accusations, including the latest unsubstantiated accusations of interference in the 2019 elections,” Kremlin spokesman Dmitri Peskov told the Guardian.
In May, UK and US cyber intelligence agencies warned that state-backed attackers were attempting to steal data from research institutes, pharmaceutical companies and universities that were involved in fighting the pandemic.
A joint advisory published on the back of those warnings did not mention any country specifically, but it is now understood that these agencies believe the culprits to include hacking groups from China, Russia and Iran, as well as others.
The NCSC have been specific with their accusations this time around, claiming that Russian cyber spies are using a variety of different techniques to access confidential information, including spear-phishing and custom malware known as “WellMess” and “WellMail”.
“Again, some speculation without any evidence. Unfortunately, this is another example of the politicization of the pandemic,” said Leonid Slutsky, head of the international affairs committee in the lower house of the Russian parliament, branding the ‘unfounded’ claims as ‘another manifestation of Russophobia’.
“In Russia, its own trials of a vaccine against COVID-19 are quite successful, we have a strong virology, so there was no reason to steal ‘secrets’.”
The warnings over these attempted attacks on sensitive coronavirus information came just hours after the UK government revealed how Russian groups attempted to interfere in the country’s 2019 general election. Foreign Secretary Dominic Raab wrote an open letter to parliament, revealing that there is currently an ongoing criminal investigation into the issue.
Raab vowed the UK would “continue to call out and respond to malign activity, including any attempts to interfere in our democratic processes” and suggested the government would “respond with appropriate measures in the future”.