US, Canada, UK accuse Russia of hacking COVID-19 vaccine trials

Britain, the United States and Canada alleged Thursday that hackers backed by the Russian government are attempting to steal information from pharmaceutical companies and researchers racing to find a COVID-19 vaccine.

What We Know:

  • Britain’s National Cyber Security Centre stated that it was almost certain that the hackers were connected to Russia’s intelligence services. Britain made the announcement in coordination with authorities in the U.S. and Canada.
  • The three nations alleged that hacking group APT29 is attacking academic and drug research institutions involved in coronavirus vaccine development. The announcement did not specify which institutions and companies had been targeted or whether any vaccine information had been stolen.
  • “It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,” Dominic Raab, Britain’s foreign secretary, said in a statement. “While others pursue their selfish interests with reckless behavior, the U.K. and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
  • The National Cyber Security Centre stated that it had detected a prolonged campaign of malicious activity by Russia-backed hackers. These include attacks that were “predominantly against government, diplomatic, think-tank, healthcare and energy targets.”
  • The statement from the National Cyber Security Centre did not say whether Russian President Vladimir Putin knew about the vaccine research hacking.
  • Matthew Schmidt, a political scientist at the University of New Haven, stated that the hacked vaccine research is a “statement of the weakness of Russian science under 20 years of Putin’s rule.”
  • A 16-page advisory made public by Britain, the U.S. and Canada on Thursday accuses hacking group APT29, also known as Cozy Bear, of using custom malicious software to target a number of organizations globally. The malware, called WellMess and WellMail, has not previously been associated with the hacking group, the advisory said.
  • “In recent attacks targeting COVID-19 vaccine research and development, the group conducted basic vulnerability scanning against specific external IP addresses owned by the organizations. The group then deployed public exploits against the vulnerable services identified,” the advisory said.

In April, the U.S. Department of Homeland Security’s cybersecurity agency warned that cybercriminals and other groups were targeting COVID-19 research, noting at the time that the increase in people teleworking because of the pandemic had created potential avenues for hackers to exploit.