Russian state-sponsored hackers are targeting UK, US and Canadian organisations involved in developing a coronavirus vaccine, according to British security officials.
The UK’s National Cyber Security Centre (NCSC) said drug companies and research groups were being targeted by a group known as APT29, which was “almost certainly” part of the Kremlin’s intelligence services.
British officials would not say if any of the attacks had been successful in their goal of stealing medical secrets. They stressed, however, that none of the vaccine research had been compromised as a result.
Britain is at the forefront of research efforts to produce a coronavirus vaccine, with scientists at Oxford University and Imperial College London among those leading global efforts to find the vital medicine.
It is rare for the UK to explicitly state that it believes another country is behind a coordinated campaign of cyber-attacks, but British officials indicated that the UK shared its assessment with the US and Canada, both of which are expected to release their own updates shortly.
The UK’s foreign secretary, Dominic Raab, said it was “completely unacceptable” for Russian intelligence services to target research on the Covid-19 pandemic.
He said: “While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health. The UK will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account.”
The APT29 group has been active for several years, and is also known in the hacker community as the Dukes or Cozy Bear. The same group has been linked to attacks on the US Democratic party in the run-up to the 2016 elections.
Cozy Bear came to prominence in 2015, when researchers at Kaspersky Lab pinned devastating hacks of the unclassified state department and White House networks on to the group. It has previously been alleged that this group is controlled by the Russian FSB spy agency.
APT29 uses a variety of tools and techniques to try to steal secrets, including phishing emails and custom malware known as “WellMess” and “WellMail”. Governments, thinktanks and the energy sector are also being targeted.
Paul Chichester, director of operations for the NCSC, said: “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.”
The organisation is releasing a security advisory to help potentially affected groups tackle the threat.