National security agencies in the United Kingdom, United States and Canada on Thursday accused hackers linked to Russian intelligence services of targeting organizations conducting COVID-19 vaccine research with custom malware in an effort to steal intellectual property.
The U.K.’s National Cyber Security Centre issued the joint advisory, which was also shared by the U.S. National Security Agency and Cybersecurity and Infrastructure Security Agency (CISA), as well as Canada’s Communications Security Establishment.
“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,” U.K. Foreign Minister Dominic Raab said in a statement. “While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
CBS News said the agencies warned that the group known as APT29 — also referred to as “the Dukes” or “Cozy Bear” — was behind the attacks. It was not immediately clear if the group was successful in obtaining any data.
“Throughout 2020, APT29 has targeted various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines,” the advisory said.
The hacker group used malware known as “WellMess” and “WellMail” to target organizations around the world, the agencies said. Their report detailed APT29’s tactics and shared ways to identify whether data had been compromised.
NSA Cybersecurity Director Anne Neuberger said that the group “has a long history of targeting governmental, diplomatic, think-tank, healthcare and energy organizations for intelligence gain.”
“[W]e encourage everyone to take this threat seriously and apply the mitigations issued in the advisory,” Neuberger said in a statement.
Several of the leading vaccine candidates are being developed by researchers in the U.S., the U.K. and Canada, with all three governments pouring billions of dollars into institutions and drugmakers to boost testing and production. One of the most promising candidates, developed by the National Institutes of Health and the drug company Moderna, is set to begin a key final round of testing later this month. U.S. health officials have said they hope to have 300 million doses of a successful vaccine available by the end of the year.
U.S. authorities have previously accused cyber actors linked to the Chinese government of similar efforts. The FBI and CISA said in May that Chinese hackers were “attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research.”