London/Edinburgh: The U.K. accused Russian state intelligence of hacking international pharmaceutical and academic research in a bid to win the race to secure a vaccine against Covid-19.
British officials said their assessment was backed up by security agencies in the U.S. and Canada and warned that the cyber attacks are ongoing. It is unclear whether research facilities have been damaged or if the vaccine programs have been set back as a result of the hacks.
In a dramatic statement on Thursday, Britain’s National Cyber Security Centre (NCSC) said vaccine and therapeutic sectors in multiple countries have been targeted by a group known as APT29, which it said is “almost certainly” part of Russian state intelligence.
“It is completely unacceptable that the Russian intelligence services are targeting those working to combat the coronavirus pandemic,” British Foreign Secretary Dominic Raab said.
“While others pursue their selfish interests with reckless behavior, the U.K. and its allies are getting on with the hard work of finding a vaccine and protecting global health,” Raab said. “The U.K. will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account.”
The intelligence bombshell came at a delicate time in geopolitics with a combative U.S. election looming in November and the pandemic plunging the world economy into recession. Coronavirus has launched a global race for a vaccine, in which researchers in the U.K. have made progress recently.
The NCSC said APT29, which also goes by the name of Cozy Bear or The Dukes, has targeted U.K., U.S. and Canadian vaccine research and development organizations. The campaign of malicious activity is ongoing, predominantly against government, diplomatic, think-tank, healthcare and energy targets to steal valuable intellectual property, according to the NCSC.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” NCSC Director of Operations Paul Chichester said in an emailed statement. “Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.”
Researchers have long linked APT29 to Russian intelligence agencies. For more than a decade, the group has carried out hacking campaigns that have targeted dozens of governments, research institutes, and corporations around the world, according to an analysis published in March by cybersecurity firm Carbon Black.
The group was first identified in November 2008 using malware to target Chechens, according to a March 2015 report published by the Finnish security firm F-Secure. Later, APT29 broadened its targets. It attempted to hack government departments in Georgia, Turkey and Uganda, and appeared to be trying to gather information about the activities of NATO, according to the F-Secure report.
In 2016, U.S. cybersecurity firm Crowdstrike linked APT29 to the hack of the Democratic National Committee. The Russian hackers penetrated the DNC’s servers in the summer of 2015, and maintained access to the organization’s data for about a year, according to Crowdstrike researchers. Crowdstrike CEO Sean Henry told the House Intelligence Committee in December 2017 that he had a “high degree of confidence it was the Russian Government” behind that attack.
Artturi Lehtiö, director of strategy and corporate development for F-Secure, has closely followed APT29’s activities. He said that if the group has been targeting Covid research organizations, it was “slightly unusual,” as the group usually targets foreign and security policy-related organizations.
“They traditionally go after intelligence that would inform policy and their interactions with other nations,” he said. But the group sometimes deviates from those targets, he said, and involves multiple state actors in Russia with differing priorities.
But Britain released a report into the attacks, saying its findings were supported by partners at the Canadian Communication Security Establishment (CSE), the U.S. Department for Homeland Security (DHS) Cybersecurity Infrastructure Security Agency (CISA) and the National Security Agency (NSA).
“The attacks which are taking place against scientists and others doing vital work to combat coronavirus are despicable,” Prime Minister Boris Johnson’s spokesman James Slack said. “Working with our allies, we will call out those who seek to do us harm in cyber space and hold them to account.” - Bloomberg