United Kingdom, United States and Canada allege Russian cyber attacks on Covid-19 research centers


An advisory released by the UK’s National Cyber Security Centre (NCSC) details the activity of the Russian hacking group and explicitly calls out efforts to target vaccine research and development organizations in the US, UK and Canada.

“APT29’s campaign of malicious activity is ongoing, predominantly against government, diplomatic, think tank, healthcare and energy targets to steal valuable intellectual property,” a press release on the advisory said.

Cozy Bear is one of two hacking groups linked to Russian intelligence believed to have accessed the Democratic National Committee’s internal systems in the run-up to the 2016 U.S. election, but Thursday’s announcement is the first time the group has been named in connection with cyberattacks related to the coronavirus pandemic.

Authorities in the US, UK, and Canada have issued several warnings about state-backed cyber attacks against organizations involved in the coronavirus response in recent months.

In April, CNN also reported a growing wave of cyber attacks by nation states and criminal groups on US government agencies and medical institutions leading the pandemic response.

Hospitals, research labs, healthcare providers and pharmaceutical companies have been affected, authorities said at the time.

The Department of Health and Human Services, which oversees the Centers for Disease Control and Prevention, has also been hit by a wave of daily attacks, an official with direct knowledge of the attacks told CNN, adding that Russia and China were the main culprits.

“The National Security Agency (NSA), along with our partners, remains steadfast in its commitment to protect national security by collectively issuing this critical cybersecurity advisory as foreign actors continue to take advantage of the ongoing COVID-19 pandemic,” NSA Director of Cybersecurity Anne Neuberger said in a statement Thursday.

“APT29 has a long history of targeting government, diplomatic, expert group, health care, and energy organizations for intelligence, so we encourage everyone to take this threat seriously and apply the mitigations released in the advisory,” she said.

The NCSC, which is the UK’s leading technical authority on cyber security and part of the UK’s Government Communications Headquarters (GCHQ), assessed that APT29 “almost certainly operates as part of the Russian Intelligence Services”.

This assessment is also supported by partners at the Canadian Communications Security Establishment (CSE), the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), the NCSC said.

“We condemn these despicable attacks on those who do vital work to combat the coronavirus pandemic,” NCSC chief operating officer Paul Chichester said in a statement. “By working with our allies, the NCSC is committed to protecting our most critical assets, and our top priority right now is to protect the health sector.”

The press release said the NCSC had previously warned that advanced persistent threat (APT) groups had targeted organizations involved in national and international Covid-19 responses.

APT29 uses a variety of tools and techniques, including phishing and custom malware known as “WellMess” and “WellMail,” according to the NCSC.

The report concluded that “APT29 is likely to continue to target organizations involved in the research and development of the COVID-19 vaccine as they seek to answer additional intelligence questions related to the pandemic.”
