author image James HockadayThursday 16 Jul 2020 2:10 pm
Hackers linked to Russian intelligence agencies are targeting British scientists seeking to develop a coronavirus vaccine, spooks in the US, UK and Canada have warned. They say the APT29 hacking group, also known as the ‘Dukes’ or ‘Cozy Bear’ has been hitting medical organisations and universities with cyber attacks which they believe have had the Kremlin’s blessing. In a joint statement today Britain’s National Cyber Security Centre (NCSC), the US National Security Agency and the Canadian Communication Security Establishment, said the attacks were part of a global campaign to steal the secrets of research. While the institutions targeted have not been revealed, the UK is home to two of the world’s leading coronavirus vaccine development programmes based at Oxford University and Imperial College London.
NCSC director of operations Paul Chichester said: ‘We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic. Visit our live blog for the latest updates: Coronavirus news live ‘Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector. We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.’ Russia’s President Vladimir Putin attends a meeting on the state budget via a video conference call at the Novo-Ogaryovo state residence outside Moscow, Russia July 16, 2020.
Sputnik/Alexei Druzhinin/Kremlin via REUTERS ATTENTION EDITORS – THIS IMAGE WAS PROVIDED BY A THIRD PARTY. Intelligence services say they are confident the attacks had the Kremlin’s blessing (Picture: Reuters)
Britain, the US and Canada say the campaign of ‘malicious activity’ was ‘almost certainly’ part of Russian intelligence services operation. They say attacks have been predominantly aimed at government, diplomatic, think-tank, healthcare and energy targets in an attempt to steal valuable intellectual property. The NCSC has previously warned that APT (standing for advanced persistent threat) groups have been targeting organisations involved in both national and international Covid-19 research. APT29 is said to use a variety of tools and techniques, including spear-phishing and custom malware known as ‘WellMess’ and ‘WellMail’. In this April 10, 2020, photo released by Xinhua News Agency, a staff member holds up a sample of a potential COVID-19 vaccine at a production plant of SinoPharm in Beijing. In the global race to make a coronavirus vaccine, the state-owned Chinese company is boasting that it gave its employees, including top executives, experimental shots even before the government OK’d testing in people.
(Zhang Yuwei/Xinhua via AP) The NCSC has warned labs to follow security advice to ‘help defend their networks’ (Picture: AP) Condemning the hackers, Foreign Secretary Dominic Raab said: ‘It is completely unacceptable that the Russian intelligence services are targeting those working to combat the coronavirus pandemic. ‘While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health. ‘The UK will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account.’