Britain, the United States and Canada accused Russia on Thursday of trying to steal information from researchers seeking a COVID-19 vaccine.
The three nations alleged that hacking group APT29, also known as Cozy Bear and said to be part of the Russian intelligence service, is attacking academic and pharmaceutical research institutions involved in coronavirus vaccine development.
Britain’s National Cyber Security Centre made the announcement, which was coordinated with authorities in the US and Canada.
“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,” Foreign Secretary Dominic Raab said in a statement. “While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
The persistent and continuing attacks are seen by intelligence officials as an effort to steal intellectual property, rather than to disrupt research. The campaign of “malicious activity” is ongoing and includes attacks “predominantly against government, diplomatic, think-tank, healthcare and energy targets,” the National Cyber Security Centre said in a statement.
It was unclear whether any information was stolen, but the centre says individuals’ confidential information is not believed to have been compromised.
Moscow rejected the allegations.
“We have no information on who could have hacked pharmaceutical companies and research centres in Britain,” Kremlin spokesman Dmitry Peskov told the TASS news agency.
“We can only say this: Russia has nothing to do with these attempts.”
The director of operations for the British cybersecurity centre, Paul Chichester, urged “organisations to familiarise themselves with the advice we have published to help defend their networks”.
The statement did not say whether Russian President Vladimir Putin knew about the vaccine research hacking, but British officials believe such intelligence would be highly prized.
A 16-page advisory made public by Britain, the US and Canada on Thursday accuses Cozy Bear of using custom malicious software to target a number of organisations globally. The malware, called WellMess and WellMail, has not previously been associated with the hacking group, the advisory said.
“In recent attacks targeting COVID-19 vaccine research and development, the group conducted basic vulnerability scanning against specific external IP addresses owned by the organisations. The group then deployed public exploits against the vulnerable services identified,” the advisory said.
The US Department of Homeland Security’s cybersecurity agency warned in April that cybercriminals and other groups were targeting COVID-19 research, noting at the time that the increase in people teleworking because of the pandemic had created potential avenues for hackers to exploit.
Vulnerable targets include health care agencies, pharmaceutical companies, academia, medical research organisations and local governments, security officials have said.
The global reach and international supply chains of these organisations also make them vulnerable, the US Cybersecurity and Infrastructure Security Agency said in an alert published in conjunction with its counterparts in Britain.
CISA said it and the British cybersecurity agency have detected the threat groups scanning the external websites of targeted companies and looking for vulnerabilities in unpatched software. It did not name any of the targeted companies.
US authorities have for months levelled similar accusations against China. FBI Director Chris Wray said last week, “At this very moment, China is working to compromise American health care organisations, pharmaceutical companies and academic institutions conducting essential COVID-19 research.”