Security agencies in Britain, the U.S. and Canada report that hackers backed by the Russian state are trying to steal COVID-19 vaccine and treatment research from academic and pharmaceutical institutions around the world.
A co-ordinated statement from Britain, the United States and Canada attributed the attacks to the group APT29, also known as Cozy Bear. Britain’s National Cyber Security Centre (NCSC) said the hackers were certainly operating as part of the Russian intelligence services.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” said NCSC Director of Operations Paul Chichester.
Cybersecurity researchers said an APT29 hacking tool was used against clients located in the United States, Japan, China and Africa. Kremlin spokesman Dmitry Peskov, of course, rejected London’s allegations. He said the accusations were not backed by proper evidence.
In a separate announcement, Britain also accused “Russian actors” of trying to interfere in its 2019 election, above all by trying to spread leaked documents online. Russia’s foreign ministry also said those accusations were “foggy and contradictory”.
Britain is expected to publish a long-delayed report into Russian influence in British politics next week.
Russian Hackers Target Work on COVID-19 Vaccine Data
British foreign minister Dominic Raab said it was “completely unacceptable” for Russian intelligence services to target work on the pandemic.
“While Russian hackers pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine, and also protecting global health,” he said in a statement.
He said Britain would work with allies to hold perpetrators to account.
The NCSC also said the Russian hackers’ attacks were continuing and used a variety of tools and techniques, including spear-phishing and custom malware sent in emails.
“APT29 is likely to continue to target organisations involved in COVID-19 vaccine research and development, even more as they seek to answer additional intelligence questions relating to the pandemic,” the NCSC statement said.
Hackers Used Malware – WellMail, SoreFang and WellMess
The U.S. Department of Homeland Security and U.S. Cyber Command also released technical information on Thursday on three hacking tools being deployed by the Russian hackers: WellMail, SoreFang and WellMess.
Private sector cybersecurity researchers who had spotted the WellMess malware were unaware of its Russian origins.
In several cases, WellMess was found within U.S. pharmaceutical companies, said three investigators familiar with the matter. They spoke to Reuters on condition of anonymity to discuss confidential information. The tool allowed the hackers to stealthily gain remote access to secure computers. They declined to name the Russian hackers’ victims.
Britain and the United States said in May that networks of Russian hackers were targeting national and international organisations responding to the pandemic. Furthermore, such attacks have not previously been explicitly connected to the Russian state.