Coronavirus: Russian spies target Covid-19 vaccine research



Russian hackers are targeting organizations trying to develop a coronavirus vaccine in the United Kingdom, the United States and Canada, security services warned.

The UK’s National Cyber Security Centre (NCSC) said the hackers “almost certainly” operated as “part of the Russian intelligence services.”

It did not specify which organizations had been targeted or whether any information had been stolen.

But it said the vaccine research had not been hampered by the hackers.

Foreign Secretary Dominic Raab said: “It is completely unacceptable that the Russian intelligence services are targeting those working to combat the coronavirus pandemic.”

“While others pursue their selfish interests with reckless behavior, the UK and its allies continue the hard work of finding a vaccine and protecting global health.”

The warning was issued by an international group of security services:

  • the UK’s NCSC
  • the Canadian Communications Security Establishment (CSE)
  • the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA)
  • the United States National Security Agency (NSA)

In recent years, Western security agencies have become more willing to call out hackers targeting companies and organizations in their countries, in the hope that doing so will deter them.

But the latest allegations are more unusual as officials point the finger directly at Russian spies instead of speaking generally of “state-backed hackers” or using other, more cautious references.

And the hackers are also being called out for targeting something that the general public recognizes as highly sensitive, coronavirus vaccine research, rather than simply information from any company or government department.

However, on another level we should not be too surprised by the claim.

Understanding vaccine research and other details about the pandemic has become a primary focus for intelligence agencies around the world, and many others, including Western spies, are likely to be active in this space.

Agencies in the United Kingdom, the United States and Canada said hackers had exploited software flaws to access vulnerable computer systems, and had used malware called WellMess and WellMail to upload and download files from infected machines.

They are also said to have tricked people into handing over login credentials with phishing attacks.

  • Phishing emails are designed to trick the recipient into giving up their personal information
  • Spear phishing is a targeted and personalized form of attack designed to trick a specific individual. Often the email appears to come from a trusted contact and may include personal information to make the message appear more compelling

But a cybersecurity expert said the Russians were unlikely to be the only ones involved in such a campaign.

“They have a lot of people, we have a lot of people, Americans have even more people, just like the Chinese,” said Professor Ross Anderson of the University of Cambridge Computer Laboratory.

“Everyone tries to steal this kind of thing all the time.”

Who is accused of being responsible?


The NCSC names a hacking group called APT29, also known as The Dukes or Cozy Bear.

It says it is more than 95% sure that the group is part of the Russian intelligence services.

Cozy Bear was first identified as a significant “threat actor” in 2014, according to US cybersecurity firm Crowdstrike.

It describes the group as “aggressive” in its tactics and “nothing but flexible, changing tool sets frequently.”

The unit has previously been involved in hacking the United States Democratic National Committee (DNC) during the 2016 United States presidential election.

In 2017, it attacked the Norwegian Labor Party, the defense and foreign affairs ministries, as well as the country’s national security service.

The report includes recommendations that can help protect organizations from cyber attacks.

“Throughout 2020, APT29 has targeted various organizations involved in the development of the Covid-19 vaccine in Canada, the United States, and the United Kingdom, most likely with the intention of stealing development-related information and intellectual property and testing of Covid-19 vaccines,” it said.

On Thursday, the UK government also said that the Russians had “almost certainly” tried to interfere in the 2019 UK general election through illicitly acquired documents.