Russia is trying to steal COVID-19 vaccine data, say the United Kingdom, the United States and Canada


LONDON / OTTAWA (Reuters) – Russian state-backed hackers are trying to steal COVID-19 vaccine and treatment research from academic and pharmaceutical institutions around the world, the National Center for Cyber Security (NCSC) of Great Britain said Thursday.

A coordinated statement by Britain, the United States and Canada attributed the attacks to the APT29 group, also known as Cozy Bear, which they said was surely operating as part of the Russian intelligence services.

“We condemn these despicable attacks against those who do vital work to combat the coronavirus pandemic,” said NCSC Director of Operations Paul Chichester.

Cybersecurity investigators said an APT29 hacking tool was used last year against clients located in the United States, Japan, China and Africa.

Russia’s RIA news agency quoted spokesman Dmitry Peskov as saying the Kremlin rejected London’s accusations, which he said were not backed by adequate evidence.

In another announcement, Britain also accused “Russian actors” of trying to interfere with its 2019 elections by trying to spread leaked documents online. The Russian Foreign Ministry said those allegations were “confusing and contradictory.”

Britain is expected to publish a delayed report on Russian influence on British politics next week.

“Selfish interests”

British Foreign Minister Dominic Raab said it was “completely unacceptable” for Russian intelligence services to target work on the pandemic.

“While others pursue their selfish interests with reckless behavior, the UK and its allies continue the hard work of finding a vaccine and protecting global health,” he said in a statement. He said Britain would work with allies to hold the perpetrators accountable.

The NCSC said the group’s attacks continued and used a variety of tools and techniques, including spear phishing and custom malware.

“APT29 is likely to continue targeting organizations involved in the research and development of the COVID-19 vaccine as they seek to answer additional intelligence questions related to the pandemic,” the NCSC statement said.

The US Department of Homeland Security and the US Cyber Command also released technical information on Thursday about three hacking tools that Russian hackers are deploying, codenamed WELLMAIL, SOREFANG, and WELLMESS.

Private sector cybersecurity researchers who had detected the WELLMESS malware over the past year were unaware of its Russian origins until Thursday.

In several cases, WELLMESS was found inside US pharmaceutical companies, said three investigators familiar with the matter, who spoke on condition of anonymity to discuss confidential information. The tool allowed hackers to stealthily gain remote access to secure computers. They refused to name the victims.

Britain and the United States said in May that hacker networks were targeting national and international organizations responding to the pandemic. But such attacks had not previously been explicitly connected to the Russian state.

Additional reporting by Elizabeth Piper in London and Andrew Osborn and Gabrielle Tétrault-Farbe in Moscow; editing by Stephen Addison, William Maclean and Cynthia Osterman
