Russian spies target Covid-19 vaccine research


One person reads the NCSC safety notice on a phone, while coronavirus illustrations dot the area around them.

Russian spies are targeting organizations trying to develop a coronavirus vaccine in the United Kingdom, the United States and Canada, security services warned.

The UK’s National Cyber Security Centre (NCSC) said the hackers “almost certainly” operated as “part of the Russian intelligence services.”

It did not specify which organizations had been targeted or if any information had been stolen.

But it said the vaccine research had not been hampered by the hackers.

Russia has denied responsibility.

“We have no information on who has hacked drug companies and research centers in Britain. We can say one thing: Russia has nothing to do with these attempts,” said Dmitry Peskov, a spokesman for President Putin, according to the Tass news agency.

The warning was issued by an international group of security services:

  • the UK’s NCSC

  • the Canadian Communications Security Establishment (CSE)

  • the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA)

  • the United States National Security Agency (NSA)

One expert said it was “plausible” that, despite Kremlin denials, Russian spies were involved.

“The received wisdom is that in cyberspace, attribution is difficult but not impossible,” said Emily Taylor of the Chatham House think tank.

“In general, security services are much more demanding in their language if they think there is any doubt.

“Cozy Bear [the named group] has been involved in past cyberattacks and has left a good trail, and there are quite good links with the Russian state itself.”

Analysis by Gordon Corera, security correspondent

In recent years, Western security agencies have been more willing to call out hackers targeting companies and organizations in their countries in the hope that it will deter them.

But the latest allegations are more unusual as officials point the finger directly at Russian spies instead of speaking generally of “state-backed hackers” or using other, more cautious references.

And the spies are also being called out for attacking something that the general public recognizes as highly sensitive, coronavirus vaccine research, rather than simply information from any company or government department.

However, on another level we should not be too surprised by the claim.

Understanding vaccine research and other details about the pandemic has become a primary focus for intelligence agencies around the world, and many others, including Western spies, are likely to be active in this space.

Agencies in the United Kingdom, the United States and Canada said hackers had exploited software flaws to access vulnerable computer systems, and had used malware called WellMess and WellMail to upload and download files from infected machines.

They are also said to have tricked people into handing over login credentials with phishing attacks.

  • Phishing emails are designed to trick the recipient into giving up their personal information

  • Spear phishing is a targeted and personalized form of the attack, designed to trick a specific individual. Often the email appears to come from a trusted contact and may include personal information to make the message appear more compelling

But a cybersecurity expert said the Russians were unlikely to be the only ones involved in such a campaign.

“They have a lot of people, we have a lot of people, Americans have even more people, just like the Chinese,” said Professor Ross Anderson of the University of Cambridge Computer Laboratory.

“Everyone tries to steal this kind of thing all the time.”

Who is accused of being responsible?

The NCSC names a group of hackers called APT29, also known as The Dukes or Cozy Bear.

It says it is more than 95% sure that the group is part of the Russian intelligence services.

Cozy Bear was first identified as a significant “threat actor” in 2014, according to US cybersecurity firm Crowdstrike.

It describes the group as “aggressive” in its tactics and “nothing but flexible, changing tool sets frequently.”

The unit has previously been involved in hacking the United States Democratic National Committee (DNC) during the 2016 United States presidential election.

In 2017, it attacked the Norwegian Labor Party, the defense and foreign affairs ministries, as well as the country’s national security service.

The report includes recommendations that can help protect organizations from cyber attacks.

“Throughout 2020, APT29 has targeted various organizations involved in the development of the Covid-19 vaccine in Canada, the United States, and the United Kingdom, most likely with the intention of stealing development-related information and intellectual property and testing of Covid-19 vaccines,” it said.

UK Foreign Secretary Dominic Raab said: “It is completely unacceptable that the Russian intelligence services are targeting those working to combat the coronavirus pandemic.”

“While others pursue their selfish interests with reckless behavior, the UK and its allies continue the hard work of finding a vaccine and protecting global health.”

On Thursday, the UK government also said that the Russians had “almost certainly” tried to interfere in the 2019 UK general election through illicitly acquired documents.

“We work closely with our allies to make sure we take steps to keep that information safe,” said White House spokeswoman Kayleigh McEnany, “and we continue to do so and are aware of those activities.”

What else has the United States said?

by Tara McKelvey in Washington DC

“The National Security Agency, along with our partners, remains steadfast in its commitment to protect national security by collectively issuing this critical cyber security notice as foreign actors continue to take advantage of the Covid-19 pandemic,” said NSA cyber security director Anne Neuberger.

In early 2020, John Demers, the US assistant attorney general for national security, warned that hackers working for foreign governments were trying to steal vaccine research.

He said the first nation to find a vaccine will gain influence on the world stage with a “significant geopolitical success story.”

For that reason, hackers have been targeting vaccine research in several countries. Demers and others who work in American intelligence have been watching their activities closely.

Now, intelligence experts know more about the hackers’ goals and how they use phishing and malware to get what they want.