WASHINGTON (News Nation) — The United States, United Kingdom, and Canada accused Russian hackers Thursday of trying to steal valuable private information from researchers seeking a coronavirus vaccine. The three nations called out the Kremlin in an unusually detailed public warning to scientists and medical companies.
A coordinated statement from Britain, the United States and Canada attributed the alleged attacks to the hacking group APT29, also known as Cozy Bear. The group was also blamed for American election interference four years ago, and now it’s accused of hacking academic and pharmaceutical research institutions involved in COVID-19 vaccine development.
It was unclear whether any useful information was stolen. But British Foreign Secretary Dominic Raab said, “It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic.”
He also accused Moscow of pursuing “selfish interests with reckless behavior.”
Sticking to more general language, White House press secretary Kayleigh McEnany said, “We worked very closely with our allies to ensure that we would take measures to keep that information safe and we continue to do so.”
The allegation that hackers linked to a foreign government are attempting to siphon secret medical research during the pandemic is not entirely new. U.S. officials as recently as Thursday have accused China of virtually identical conduct. But this latest public warning offers significant details, by naming one particular hacking group and specifying the software vulnerabilities the hackers allegedly have been exploiting.
“I think (the governments) have very specific intelligence that they can provide,” said John Hultquist, senior director of analysis at Mandiant Threat Intelligence. “The report is full of specific operational information that defenders can use” to protect their networks.
Russian President Vladimir Putin’s spokesman, Dmitry Peskov, rejected the accusations, saying: “We don’t have information about who may have hacked pharmaceutical companies and research centers in Britain.”
“We may say one thing: Russia has nothing to do with those attempts,” Peskov said, according to the state news agency Tass.
The U.S. Department of Homeland Security’s cybersecurity agency warned in April that cybercriminals and other groups were targeting COVID-19 research. The agency said the increase in people teleworking because of the pandemic had created potential avenues for hackers to exploit.
The persistent attacks are seen as an effort to steal intellectual property rather than to disrupt research. Individuals’ confidential information is not believed to have been compromised.
Thursday’s warning speaks to the vulnerability created by the pandemic and the global race for a vaccine.
Profit-motivated criminals have exploited the situation and so have foreign governments “who also have their own urgent demands for information about the pandemic and about things like vaccine research,” Tonya Ugoretz, an FBI deputy assistant director, said at a cybersecurity conference last month.
“Some of them are using their cyber capabilities to, for example, attempt to break into the networks of those who are conducting this research as well as into nongovernmental organizations to satisfy their own information needs,” Ugoretz said.
The alert did not name the targeted organizations themselves or say how many were affected. But it did say they were in the U.S., U.K. and Canada.
Britain’s NCSC said its assessment was shared by the U.S. Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency and the National Security Agency, and by the Canadian Communications Security Establishment.
The U.K. statement did not say whether Putin knew about the vaccine research hacking.
A 16-page advisory prepared by Western agencies and made public Thursday accuses the hacking group tied to Russian intelligence services and known colloquially as Cozy Bear of using custom malicious software to target a number of organizations globally. The malware, called WellMess and WellMail, has not previously been associated with the group, the advisory said.
“In recent attacks targeting COVID-19 vaccine research and development, the group conducted basic vulnerability scanning against specific external IP addresses owned by the organizations. The group then deployed public exploits against the vulnerable services identified,” the advisory said.
Cozy Bear is one of two hacking groups suspected of separate break-ins of computer networks of the Democratic National Committee before the 2016 U.S. election. Stolen emails were then published by WikiLeaks in what U.S. intelligence authorities say was an effort to aid President Trump’s campaign over Democratic rival Hillary Clinton.
Separately, Thursday, Britain accused “Russian actors” of trying to interfere in December’s U.K. national election by circulating leaked or stolen documents online. Unlike in the vaccine report, the U.K. did not allege that the Russian government was involved in the political meddling.
The Associated Press and Reuters contributed to this report.