UK, US, Canada Accuse Russia of Hacking Virus Vaccine Trials

Britain, the United States and Canada accused Russian hackers on Thursday of trying to steal information from researchers seeking a coronavirus vaccine, warning scientists and pharmaceutical companies to be alert for suspicious activity.

Intelligence agencies in the three nations alleged that the hacking group APT29, also known as Cozy Bear and said to be part of the Russian intelligence services, is attacking academic and pharmaceutical research institutions involved in COVID-19 vaccine development.

“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,” British Foreign Secretary Dominic Raab said in a statement, accusing Moscow of pursuing “selfish interests with reckless behavior.”

Russian President Vladimir Putin’s spokesman, Dmitry Peskov, rejected the British accusations, saying: “We don’t have information about who may have hacked pharmaceutical companies and research centers in Britain.”

“We may say one thing: Russia has nothing to do with those attempts,” Peskov said, according to the state news agency Tass.

The persistent and ongoing attacks are seen by intelligence officials as an effort to steal intellectual property, rather than to disrupt research. The campaign of “malicious activity” is ongoing and includes attacks “predominantly against government, diplomatic, think tank, health care and energy targets,” Britain’s National Cyber Security Centre said in a statement.

Britain’s NCSC said its assessment was shared by the U.S. Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency and the National Security Agency, and by the Canadian Communications Security Establishment. The coordinated position seemed designed to add heft and gravity to the announcement, hopefully prompting the targets of the hackers to take protective action.

It was unclear whether any information actually was stolen, but the U.K. says individuals’ confidential information is not believed to have been compromised.

The U.K. statement did not say whether Putin knew about the vaccine research hacking, but British officials believe such intelligence would be highly prized.

Relations between Russia and the U.K. have plummeted since former spy Sergei Skripal and his daughter were poisoned with a Soviet-made nerve agent in the English city of Salisbury in 2018 and later recovered. Britain blamed Moscow for the attack, which triggered a round of retaliatory diplomatic expulsions between Russia and Western countries.

In a separate report Thursday, Britain accused “Russian actors” of trying to interfere in December’s U.K. national election by circulating leaked or stolen documents online. Unlike in the vaccine report, the U.K. did not allege that the Russian state was involved in the political meddling.

Prime Minister Boris Johnson is being accused by opponents of suppressing a report into Russian interference in British politics that was completed last year by the committee that oversees the U.K. intelligence services. The document was not cleared for publication before the general election in December, and the six-month delay since then in appointing new members to the Intelligence and Security Committee led to allegations that Johnson’s government was deliberately stalling.

The opposition Labour Party has accused the government of failing to publish the report because it would lead to other questions about links between Russia and the Brexit campaign in Britain’s 2016 European Union membership referendum, which Johnson helped to lead.

The intelligence committee met for the first time this week and said it would publish the Russia report before Parliament begins its summer break on July 22.

Some critics accused the government of releasing its dossiers of allegations about Russia as a diversionary tactic.

Johnson’s spokesman, James Slack, said that was “nonsense.”

The report of Russia trying to hack COVID-19 vaccine research comes two years to the day since Trump stood alongside Putin in Helsinki and appeared to side with Moscow instead of U.S. intelligence agencies about the 2016 election interference.

A 16-page advisory prepared by Western agencies accuses Cozy Bear of using custom malicious software to target a number of organizations globally. The malware, called WellMess and WellMail, has not previously been associated with the hacking group, the advisory said.

“In recent attacks targeting COVID-19 vaccine research and development, the group conducted basic vulnerability scanning against specific external IP addresses owned by the organizations. The group then deployed public exploits against the vulnerable services identified,” the advisory said.

The U.S. Department of Homeland Security’s cybersecurity agency warned in April that cybercriminals and other groups were targeting COVID-19 research, noting at the time that the increase in people teleworking because of the pandemic had created potential avenues for hackers to exploit.

The global reach and international supply chains of these organizations also make them vulnerable, the U.S. Cybersecurity and Infrastructure Security Agency said in an alert published in conjunction with its counterparts in Britain.

CISA said it and the British cybersecurity agency have detected the threat groups scanning the external websites of targeted companies and looking for vulnerabilities in unpatched software. It did not identify any of the targeted companies.

U.S. authorities have for months leveled similar accusations against China. FBI Director Chris Wray said last week, “At this very moment, China is working to compromise American health care organizations, pharmaceutical companies, and academic institutions conducting essential COVID-19 research.”

Mike Chapple, an information technology expert at the University of Notre Dame’s Mendoza College of Business, said the Russian hackers realized that knowledge is power when it comes to COVID-19.

“I think the biggest takeaway from these attacks is that other countries are actively targeting the health research industry and we’re seeing the pharmaceutical companies and others being targeted because they have the information that can be used to help alleviate this global pandemic,” he said. “It’s reasonable to conclude that the coronavirus is the No. 1 priority of every intelligence agency around the world right now.”
