The U.K., U.S. and Canada accused Russia on Thursday of conducting cyberattacks against coronavirus vaccine research institutions in an effort to steal vaccine data.
The British National Cybersecurity Center (NCSC) released an advisory, backed by Canada’s Communications Security Establishment (CSE) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA), which identifies the Russian hacking group APT29, also known as “Cozy Bear,” as the perpetrator of the attacks.
The advisory says that APT29 is “almost certainly” comprised of Russian intelligence services actors who have targeted research organizations in the U.K., U.S., and Canada with the intent of “stealing information and intellectual property relating to the development and testing of COVID-19 vaccines.”
APT29 scans for network vulnerabilities and uses known exploits to gain access to systems, where it conducts espionage and other malicious activities.
The group also uses various tools in their attacks, including custom malware called “WellMess” and “WellMail,” which have recently been attributed to the hacking group. The malware executes malicious commands and scripts on the infected system, and sends the results back to its command server.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” said Paul Chichester, NCSC’s Director of Operations. “We would urge organizations to familiarize themselves with the advice we have published to help defend their networks.”
The NCSC anticipates APT29 will continue their hacking and espionage efforts as they seek more intelligence related to the COVID-19 pandemic.
British Foreign Secretary Dominic Raab said, “It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic. While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
Raab also warned that perpetrators of attacks such as these will be held accountable.
CISA had issued an advisory in May warning about China targeting coronavirus research institutions for hacks.