Russian hackers are back in the spotlight with a vaccine research attack

Russia faces new scrutiny for its cyber espionage efforts after the United States, Britain and Canada alleged Thursday that a Kremlin-linked hacking group is trying to steal research related to the development and testing of a coronavirus vaccine.

The group of hackers known as APT29 or “Cozy Bear” is believed to operate as part of Russia’s security services, and all three countries allege that it is carrying out a persistent and ongoing cyber campaign to steal intellectual property related to a possible COVID-19 vaccine.

According to cybersecurity group CrowdStrike, the group was also one of two Russian cells that hacked the networks of the Democratic National Committee between 2015 and 2016 before the presidential election.

The UK’s National Cyber Security Centre (NCSC) first revealed the findings in a report published online on Thursday, warning that APT29 has targeted research and development organizations in the UK, US, and Canada, using a variety of tools, including phishing techniques and custom malware, to aid its hacking attempts.

Top intelligence lawmakers, including Sen. Mark Warner (D-Va.), the vice chairman of the Senate Intelligence Committee, are calling for more powerful responses to Russia’s cyber aggression.

“It should now be clear that Russia’s piracy efforts did not stop after the 2016 election,” Warner said in a statement to The Hill. “In the future, the United States and the western world must be prepared for increasingly aggressive cyber attacks by Russian actors.”

House Intelligence Committee Chairman Adam Schiff (D-Calif.) linked the hacking efforts to a sign of desperation from Russian President Vladimir Putin.

“With an economy one-tenth of ours and a scientific research and development capacity that has withered in the decades since the fall of the Soviet Union, it is not surprising that Vladimir Putin reportedly resorted to theft as a form of trying to secure every possible advantage as Russia and other countries compete with the United States and others in the search for a vaccine,” Schiff said in a statement.

Still, some security experts say Russia is hardly alone in such efforts.

“COVID-19 is an existential threat to every government in the world, so it is no surprise that cyber espionage capabilities are being used to gather information about a cure,” said John Hultquist, senior director of analysis for FireEye’s Mandiant Threat Intelligence group.

“Organizations developing vaccines and treatments for the virus are being heavily targeted by Russian, Iranian, and Chinese actors seeking an advantage in their own research,” Hultquist continued.

Theresa Payton, who served as White House chief information officer during the George W. Bush administration, told The Hill that she was not surprised by the news of the Russian attacks, noting that any nation state with sufficient cybersecurity capability would probably do the same.

“I wish I could say I was surprised, but I am not,” said Payton, who currently serves as CEO of cybersecurity consulting group Fortalice Solutions. “I don’t think Russia is the only one to carry out those campaigns.”

APT29 is considered a smart, active, and persistent hacking group that is known for its espionage efforts, and top intelligence officials warn that they take the threat seriously.

“APT29 has a long history of targeting government, diplomatic, expert group, health care, and energy organizations for intelligence, so we encourage everyone to take this threat seriously and apply the mitigations released in the advisory,” warned Anne Neuberger, the NSA’s director of cyber security, in a statement.

NCSC warned that governments, the diplomatic corps, the health care industry, the energy sector, think tanks and other research organizations are among the targets.

And while security experts generally advise against assuming the motivations behind hackers’ phishing expeditions, these experts and lawmakers made the motivation clear: a vaccine against the coronavirus is one of the most sought-after developments worldwide as countries continue to deal with millions of COVID-19 cases and stagnant economies.

“APT29 is likely to continue targeting organizations involved in the research and development of the COVID-19 vaccine as they seek to answer additional intelligence questions related to the pandemic,” the NCSC report concludes, saying that it is “highly likely” that the group attempts to steal information about the COVID-19 vaccines.

Thursday’s joint alert was not the first effort by major security agencies to sound the alarm about threats of foreign espionage against COVID-19 vaccine development efforts.

The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warned in May that Chinese government-backed hackers were targeting groups involved in COVID-19 treatment research.

“These actors have been observed attempting to unlawfully identify and obtain valuable public health and intellectual property data related to vaccines, network testing and testing, and personnel affiliated with COVID-19 related research,” the agencies warned in the alert. “The potential theft of this information jeopardizes the delivery of safe, effective and efficient treatment options.”

The warning came immediately after a separate alert from CISA and NCSC that advanced persistent threat (APT) groups were using the COVID-19 pandemic to attack organizations deemed vulnerable, including hospitals, medical research groups, academia and local governments.

Following these alerts, CISA Director Chris Krebs warned that he expected to see “all intelligence services” attempt to attack and steal coronavirus-related research.

“The Chinese have obviously been one of the most cheeky in terms of their approach, but others are also in the game,” Krebs said on the CBS News “Intelligence Matters” podcast. “This is a very active space.”

Concerns about Russia’s hacking efforts are particularly pressing, as the next presidential election is only months away.

And Russia’s efforts to sow discord during the 2016 election are still fresh in many minds inside the Beltway.

During the heated 2016 presidential race, Russian actors launched a sweeping interference campaign that aimed to inflame divisions and influence the election in favor of now-President Trump.

They used a multipronged approach, which included attacking electoral infrastructure in all 50 states, spreading misinformation on social media, and hacking into the Democratic National Committee (DNC), as well as other email accounts related to the campaign.

Experts also noted that APT29 carried out a widespread phishing campaign after the 2018 midterm elections, when the House flipped to a Democratic majority, in which the U.S. federal government, media organizations and think tanks were attacked.

Secretary of State Mike Pompeo said this week that he was “sure” that foreign adversaries, including Russia, would try to interfere in this year’s election, while emphasizing that the Trump administration was aware of the threat.

“The American people must be sure that whether it is Chinese interference, Iranian interference, Russian interference or interference from North Korea, any country or even non-state actors that now have the ability to interfere in our elections, they know this administration takes seriously its responsibility to ensure that every American vote is counted, counted correctly and that foreign influence is minimized,” Pompeo said during a virtual event hosted by The Hill.