LONDON – Hackers backed by the Russian government are attempting to steal information from researchers and pharmaceutical companies racing to find a COVID-19 vaccine, Britain, the United States and Canada alleged Thursday.
Britain’s National Cybersecurity Centre said the hackers were “almost certainly” connected to Russia’s intelligence services. Britain made the announcement in coordination with authorities in the U.S. and Canada.
The three nations alleged that hacking group APT29, also known as Cozy Bear, is attacking academic and drug research institutions involved in coronavirus vaccine development. The announcement did not specify which institutions and companies had been targeted or whether any vaccine information had been stolen.
“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,″ Dominic Raab, Britain’s foreign secretary, said in a statement. “While others pursue their selfish interests with reckless behavior, the U.K. and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
The National Cybersecurity Centre said that it had detected a prolonged campaign of “malicious activity” from Russia-backed hackers that includes attacks “predominantly against government, diplomatic, think-tank, healthcare and energy targets.”
The statement from the National Cybersecurity Centre did not say whether Russian President Vladimir Putin knew about the vaccine research hacking.
The Russian Foreign Ministry did not immediately respond to a request for comment.
Matthew Schmidt, a political scientist at the University of New Haven, said that the hacked vaccine research is a “statement of the weakness of Russian science under 20 years of Putin’s rule.”
Cozy Bear, also known as the “dukes,” has been identified by Washington as one of two Russian government-linked hacking groups that broke into the Democratic National Committee computer network and stole emails ahead of the 2016 presidential election. The other group is usually called Fancy Bear.
Russian hackers: Cybersecurity firm warns of effort to penetrate Senate email system
A 16-page advisory made public by Britain, the U.S. and Canada on Thursday accuses Cozy Bear of using custom malicious software to target a number of organizations globally. The malware, called WellMess and WellMail, has not previously been associated with the hacking group, the advisory said.
“In recent attacks targeting COVID-19 vaccine research and development, the group conducted basic vulnerability scanning against specific external IP addresses owned by the organizations. The group then deployed public exploits against the vulnerable services identified,” the advisory said.
The U.S. Department of Homeland Security’s cybersecurity agency warned in April that cybercriminals and other groups were targeting COVID-19 research, noting at the time that the increase in people teleworking because of the pandemic had created potential avenues for hackers to exploit.
Vulnerable targets include health care agencies, pharmaceutical companies, academia, medical research organizations, and local governments, security officials have said.
The global reach and international supply chains of these organizations also make them vulnerable, the U.S. Cybersecurity and Infrastructure Security Agency said in an alert published in conjunction with its counterparts in Britain.
U.S. authorities have for months leveled similar accusations against China.
FBI Director Chris Wray said last week: “At this very moment, China is working to compromise American health care organizations, pharmaceutical companies, and academic institutions conducting essential COVID-19 research.”
In this March 16, 2020, file photo, a subject receives a shot in the first-stage safety study clinical trial of a potential vaccine by Moderna for COVID-19, the disease caused by the new coronavirus, at the Kaiser Permanente Washington Health Research Institute in Seattle. According to results released on Tuesday, July 14, 2020, early-stage testing showed the first COVID-19 vaccine tested in the U.S. revved up people’s immune systems the way scientists had hoped. The vaccine is made by the National Institutes of Health and Moderna Inc.
U.S. authorities have previously leveled similar accusations against China. FBI Director Chris Wray said last week, “At this very moment, China is working to compromise American health care organizations, pharmaceutical companies, and academic institutions conducting essential COVID-19 research.”
Can you get infected with COVID-19 twice? Experts say possibility is ‘certainly real’
24 hours in a COVID-19 hot spot leaves no walk of life unscathed: This is what it’s like
Contributing: Associated Press
This article originally appeared on USA TODAY: Russia accused of hacking COVID-19 vaccine trials by US, Canada, UK