
While researchers are scrambling to develop a vaccine for the coronavirus pandemic, Russian hackers have been working to steal it, officials from the UK, US and Canada said on Wednesday.
In a joint statement on Wednesday, the UK’s National Cyber Security Centre, the US’s Cybersecurity and Infrastructure Security Agency and National Security Agency, and Canada’s Communications Security Establishment said that Russian hackers were carrying out cyberattacks against the healthcare and energy industries in attempts to steal information about the coronavirus vaccine.
The agencies pinned the attacks on Russia’s hacking group Cozy Bear (APT29), the same group behind the hacks against the Democratic National Committee during the US presidential election in 2016.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” said Paul Chichester, the NCSC director of operations.
The coronavirus has gripped countries around the world, with more than 13 million confirmed cases as of July 16, and 585,000 deaths. Cases continue to spike in the US, while other nations are getting their outbreaks under control. A vaccine for the disease plays a key part in reopening communities, and researchers are quickly running trials to develop one.
Countries that may not have the same amount of resources or researchers to develop one on their own are looking to steal information from nations that are working on a vaccine. The agencies said on Thursday that Russian hackers were using custom malware and phishing attacks targeted against vaccine researchers in the US, UK and Canada.
“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,” the UK’s foreign secretary Dominic Raab said in a statement. “While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
The Russian embassy did not respond to a request for comment. The US, UK and Canadian agencies released an advisory on Thursday detailing how the hacking attempts happened. The attackers started with widespread scans for open servers owned by their targets, then gained access through known vulnerabilities.
The Russian hackers could have also gained access by stealing passwords and logins through targeted phishing attacks, the advisory said. Once they had access, the hacking group used custom malware called WellMess and WellMail that could execute commands, upload and download files and steal information on infected devices, according to the report.
“The National Security Agency, along with our partners, remains steadfast in its commitment to protecting national security by collectively issuing this critical cybersecurity advisory as foreign actors continue to take advantage of the ongoing COVID-19 pandemic,” NSA cybersecurity director Anne Neuberger said in a statement. “APT29 has a long history of targeting governmental, diplomatic, think-tank, healthcare and energy organizations for intelligence gain so we encourage everyone to take this threat seriously and apply the mitigations issued in the advisory.”
Russia is not the only nation accused of using hackers to steal information to develop a COVID-19 vaccine. In May, the FBI said that Chinese hackers were also attempting to steal coronavirus vaccine research, while security researchers found that Vietnam’s hackers were targeting the Chinese government for information on how to deal with the coronavirus outbreak.