Russian hacking groups Fancy Bear and Cozy Bear under fire



Security officials have accused Russian hackers of trying to steal information about coronavirus vaccine research in the United States, Canada, and the United Kingdom.

The US Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, the Canadian Communications Security Establishment and the UK National Cyber Security Centre joined forces on Thursday to accuse Russia of the hacking campaign.

“It is completely unacceptable that the Russian intelligence services are targeting those who are working to combat the coronavirus pandemic,” UK Foreign Secretary Dominic Raab said in a statement. “While others pursue their selfish interests with reckless behavior, the UK and its allies continue the hard work of finding a vaccine and protecting global health.”

Raab also said he was almost certain that the Russians attempted to interfere in the UK general election in 2019, but did not point the finger at any specific group. Russia denied both allegations.

Phishing for a cure

So who exactly was trying to steal the coronavirus vaccine? Well, security officials think they know.

There are two hacking groups believed to be linked to Russian spy agencies: one is Fancy Bear and the other is Cozy Bear.

In this case, the lesser-known Cozy Bear is said to be the main culprit. It is formally known as APT29, where APT stands for Advanced Persistent Threat.

In recent months, Cozy Bear hackers have allegedly used custom phishing and malware to try to extract files crucial to developing a vaccine.

“This latest campaign fits in with its modus operandi of disruption, theft of intellectual property and sowing mistrust in democracy,” said Andrew Tsonchev, chief technology officer for security firm Darktrace.

“We are at the stage where groups like this can send malicious emails that humans cannot distinguish from genuine communication.”

Cozy Bear is believed to be linked to Russia’s foreign intelligence service, or SVR RF, which collaborates with the country’s Federal Security Service (FSB).

The UK NCSC said Cozy Bear “almost certainly operates as part of the Russian intelligence services,” adding that it was 95% sure.

Kremlin spokesman Dmitry Peskov rejected the allegations on Thursday, according to the state news agency TASS.

“We have no information on who has hacked drug companies and research centers in Britain. We can say one thing: Russia has nothing to do with these attempts,” he said.

Cozy Bear was involved in the attack on the Democratic National Committee (DNC) during the 2016 U.S. presidential election, according to security firm CrowdStrike.

Norway’s PST security agency said Cozy Bear attacked the Norwegian Labor Party in 2017, as well as the country’s defense and foreign affairs ministries.

Fierce Fancy Bear

Fancy Bear, known formally as APT28, is better known than Cozy Bear.

It is believed to be the hacking division of the GRU, Russia’s main military foreign intelligence service.

Like Cozy Bear, Fancy Bear was said to have been involved in the hacking of DNC servers during the 2016 election campaign in the United States.

Some of the Fancy Bear hackers were indicted by special counsel Robert Mueller after his investigation into Russian interference during the campaign.

In total, 12 officers were named, and one of them is being sought by German officials for a cyber attack on the German Bundestag in 2015.