The Russia connection

Russian Government Hackers Trying to Steal COVID-19 Research Information from Western Labs

Published 15 July 2020

Russian government hackers are targeting organizations involved in coronavirus vaccine development, U.K. security officials have revealed. The APT29 hacking group, also named “the Dukes” or “Cozy Bear,” is staffed by GRU (Russian military intelligence branch) hackers, and the GRU subcontracts Kremlin-ordered cyber operations to APT29. In 2016, the APT29 hackers stole emails from the Hillary Clinton campaign and the DNC.


The U.K. National Cyber Security Centre (NCSC) published an advisory on Thursday detailing the activity of the Russian government’s hacking group known as APT29, which has exploited organizations globally.

APT29, also named “the Dukes” or “Cozy Bear,” operates as part of the Russian intelligence services. The NCSC notes that other Western intelligence services – the Canadian Communications Security Establishment (CSE), the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) – have, over the years, gathered evidence showing that APT29, under different names, is staffed by GRU (Russian military intelligence branch) hackers, and that the GRU subcontracts Kremlin-ordered cyber operations to APT29.

In 2016, the APT29 hackers stole emails from the Hillary Clinton campaign and the DNC. Roger Stone, whose sentence was commuted by President Trump last Friday, worked with GRU intelligence officers on scheduling their publication by WikiLeaks, so that the APT29 hacking would have the most benefit for the Trump presidential campaign.

The NCSC said that APT29’s campaign of malicious activity is ongoing – and is aimed at a broader set of targets beyond coronavirus research centers. These include government, diplomatic, think-tank, healthcare and energy targets, which the group attacks to steal valuable intellectual property.

NCSC Director of Operations, Paul Chichester, said:

We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.

Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.

We would urge organizations to familiarize themselves with the advice we have published to help defend their networks.

The Foreign Secretary, Dominic Raab, said:

It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic.

While others pursue their selfish interests with reckless behavior, the U.K. and its allies are getting on with the hard work of finding a vaccine and protecting global health.

The U.K. will continue to counter those conducting such cyberattacks, and work with our allies to hold perpetrators to account.

The NCSC has previously warned that APT groups have been targeting organizations involved in both national and international COVID-19 responses.

Known targets of APT29 include U.K., U.S. and Canadian vaccine research and development organizations. The group uses a variety of tools and techniques, including spear-phishing and custom malware known as “WellMess” and “WellMail.”