Russian hackers who are “almost certainly” working for the country’s intelligence services have targeted coronavirus research facilities in the US, UK and Canada, according to allegations released by the UK government.
UK security officials told journalists on Thursday that the group, known as APT29 or “Cozy Bear”, were launching “persistent, highly targeted and ongoing” cyber-attacks on organisations involved in the development of a coronavirus vaccine as part of a “malicious” attempt to steal their research.
The information, which was released in coordination with the United States and Canada’s security services, suggests that the group have been making the hacking attempts since the start of the pandemic in February.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” the UK’s National Cyber Security Centre’s Director of Operations, Paul Chichester, said.
“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.”
A UK government spokesperson said that known targets of APT29 include UK, US and Canadian vaccine research and development organisations.
They said that the group uses techniques including spear-phishing and custom malware known as “WellMess” and “WellMail”.
The group of hackers is called APT29, often referred to as Cozy Bear, which Dutch intelligence services say is led by the Russian Foreign Intelligence Service.
It has previously been accused of attacks on the Democratic National Committee, which resulted in the damaging leaks of Hillary Clinton’s private emails during the 2016 US presidential election. The move was said to be designed to assist Donald Trump in winning the presidency in 2016.
The group has also been linked to attacks on the Pentagon, the Norwegian government, the Dutch government, and multiple think-tanks and NGOs.
This week’s allegations are the first time that UK officials have made an explicit link between the group and Russian intelligence, despite the fact that links have long been suspected.
Officials said the UK had a range of tools at its disposal to fend off cyber-attacks from malicious actors.