A small bottle labeled with a “Vaccine” sticker is held near a medical syringe.
Dado Ruvic | Reuters
Hackers linked to Russian intelligence services are trying to steal information about coronavirus vaccine research in the U.S., Canada and the U.K., security officials said Thursday.
Officials said a group known as APT29 — also known as “Cozy Bear” — was likely to blame for the attack. They said the group, which is believed to be associated with Russian intelligence, used spear phishing and custom malware to target vaccine researchers.
The U.S. Department for Homeland Security, the Cybersecurity Infrastructure Security Agency, the National Security Agency, Canada’s Communications Security Establishment and the U.K.’s National Cyber Security Centre joined forces in accusing Russia of the hacking campaign.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” said Paul Chichester, director of operations for the U.K.’s National Cyber Security Centre, or NCSC. “Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.”
“We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.”
A Kremlin spokesperson was not immediately available for comment when contacted by CNBC.
The group of hackers used spear-phishing to “obtain authentication credentials to internet-accessible login pages for target organizations,” the NCSC said in a report Thursday. Spear-phishing is an attempt whereby cybercriminals send messages that appear as though they’re from a trusted source to get their victim to reveal sensitive information.
They also used custom malware known as “WellMess” and “WellMail,” according to the NCSC, which said such tools had not previously been associated with APT29. Officials did not identify any of the organizations that had been targeted.
“Covid-19 is an existential threat to every government in the world, so it’s no surprise that cyber espionage capabilities are being used to gather intelligence on a cure,” said John Hultquist, senior director of intelligence analysis at Mandiant Threat Intelligence.
“The organizations developing vaccines and treatments for the virus are being heavily targeted by Russian, Iranian, and Chinese actors seeking a leg up on their own research. We’ve also seen significant Covid-related targeting of governments that began as early as January.”
Earlier Thursday, U.K. Foreign Secretary Dominic Raab said it was “almost certain” that Russian actors attempted to interfere in Britain’s 2019 general election. It comes after the U.K. Parliament’s Intelligence and Security Committee agreed to publish a long-delayed report on Russian influence in British politics in the next week.