THE UK’S CYBER-SECURITY agency has accused a hacking group it said “almost certainly” operates as part of Russian intelligence services of trying to steal research into potential coronavirus vaccines.
The National Cyber Security Centre (NCSC) said the attacks by the group APT29 were ongoing but targets have so far included UK, US and Canadian vaccine research and development organisations.
The NCSC said it is “95%+” certain that APT29 are part of the Russian Intelligence Services, and that it is “highly likely, 80–90%”, that this activity was to collect information on Covid-19 vaccine research or on SARS-CoV-2 itself.
In a joint statement with the US National Security Agency and the Canadian Communication Security Establishment, the NCSC said the attacks were part of a global campaign by the group known as APT29 to steal the secrets of vaccine research.
“The NCSC assesses that APT29, also named the Dukes or Cozy Bear, almost certainly operate as part of Russian Intelligence Services,” it said.
The group uses a variety of tools and techniques, including spear-phishing and custom malware known as “WellMess” and “WellMail”.
APT29’s campaign of malicious activity is ongoing, predominantly against government, diplomatic, think-tank, healthcare and energy targets to steal valuable intellectual property.
Shehab Khan / Twitter
Shehab Khan / Twitter / Twitter
NCSC director of operations Paul Chichester said: “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.
Foreign Secretary Dominic Raab expressed outrage at the findings, which were published alongside an advisory on how organisations can help protect themselves from cyber attacks.
“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,” he said.
While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.
Raab continued: “The UK will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account.”
The NCSC said that government, diplomatic, think-tank, healthcare and energy groups were mainly being targeted, in a bid “to steal valuable intellectual property”.
Election meddling
Moments earlier, the UK accused “Russian actors” of seeking to disrupt its general election held late last year by circulating leaked trade documents between London and Washington.
The government launched an investigation into the source of the leak, after details of talks with the United States on a possible post-Brexit trade deal were published on social media site Reddit.
The main opposition Labour party said the files proved the government would “sell-out” the state-run National Health Service (NHS) to US companies.
Funding for the NHS was a key campaign issue before the 12 December vote.
Labour’s then-leader Jeremy Corbyn dismissed as a “conspiracy theory” claims the leak used in his campaign was put online by Russia, but did not say where the party obtained them.
But Foreign Secretary Raab said today that the government had concluded after “extensive analysis” that there was strong suspicion of a Russian link.
“On the basis of extensive analysis, the government has concluded that it is almost certain that Russian actors sought to interfere with the 2019 general election through the online amplification of illicitly acquired and leaked government documents,” he said in a written statement to parliament.
To embed this post, copy the code below on your site
have your say