A Russian-backed hacker group has tried to steal COVID-19-related vaccine research in Canada, the U.K. and the U.S., according to intelligence agencies in all three countries.
The Communications Security Establishment (CSE), responsible for Canada’s foreign signals intelligence, said APT29 — also known as Cozy Bear and the Dukes — is behind the malicious activity.
The group was accused of hacking the Democratic National Committee before the 2016 U.S. election.
The group “almost certainly operates as part of Russian intelligence services,” the CSE said in a statement released Thursday morning in co-ordination with its international counterparts — an allegation the Kremlin immediately denied.
“These malicious cyber activities were very likely undertaken to steal information and intellectual property relating to the development and testing of COVID-19 vaccines, and serve to hinder response efforts at a time when health care experts and medical researchers need every available resource to help fight the pandemic,” the CSE statement says.
When asked if the malicious hits were successful and which facilities in Canada were targeted, a spokesperson said the CSE is generally “not able to comment on, or confirm details about specific cybersecurity incidents.”
In response to CBC’s inquiries, CSE spokesperson Evan Koronewski did point to a recent threat bulletin that reported a Canadian biopharmaceutical company was compromised by a foreign cyber threat actor back in mid-April.
The three targeted countries said the Russian actors have been using custom malware known as WellMess and WellMail to attack a number of organizations globally during the pandemic.
The head of Britain’s National Cyber Security Centre, Paul Chichester, said the allies “condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.”
Previous warnings
In May, the CSE said authorities were investigating possible security breaches at Canadian organizations doing COVID-19-related research but did not say who was behind the attacks or where they were coming from.
The agency has been warning since the start of the COVID-19 crisis that Canadian intellectual property linked to the pandemic is a “valuable target” for state-sponsored actors.
U.K. Foreign Secretary Dominic Raab tweeted that his government stands with Canada and the U.S. “against the reckless actions of Russia’s intelligence services, who we have exposed today for committing cyber attacks against those working on a COVID-19 vaccine.”
The Russian news agency RIA said Russian President Vladimir Putin’s spokesperson Dmitry Peskov denied the allegations, which he said were not backed up by proper evidence.
The ???????? stands with ???????? & ???????? against the reckless actions of Russia’s intelligence services, who we have exposed today for committing cyber attacks against those working on a <a href=”https://twitter.com/hashtag/Covid19?src=hash&ref_src=twsrc%5Etfw”>#Covid19</a> vaccine – undermining vital ???? cooperation to defeat this pandemic <a href=”https://t.co/6nIq8Nu5Iz”>https://t.co/6nIq8Nu5Iz</a>
—@DominicRaab
Source:
