 Russia
trying to steal COVID-19 vaccine data, say UK, U.S. and
Canada
Send a link to a friend
[July 17, 2020]
By William James and Steve Scherer
LONDON/OTTAWA (Reuters) - Hackers backed by
the Russian state are trying to steal COVID-19 vaccine and treatment
research from academic and pharmaceutical institutions around the world,
Britain's National Cyber Security Centre (NCSC) said on Thursday.
|
|
 A co-ordinated statement from Britain, the United States and Canada
attributed the attacks to group APT29, also known as Cozy Bear,
which they said was almost certainly operating as part of Russian
intelligence services.
"We condemn these despicable attacks against those doing vital work
to combat the coronavirus pandemic," said NCSC Director of
Operations Paul Chichester.
Cybersecurity researchers said an APT29 hacking tool was used
against clients located in United States, Japan, China and Africa
over the last year.
Russian news agency RIA cited spokesman Dmitry Peskov as saying the
Kremlin rejected London's allegations, which he said were not backed
by proper evidence.
In a separate announcement Britain also accused "Russian actors" of
trying to interfere in its 2019 election by trying to spread leaked
documents online. Russia's foreign ministry said those accusations
were "foggy and contradictory".
Britain is expected to publish a long-delayed report into Russian
influence in British politics next week.
"SELFISH INTERESTS"
British foreign minister Dominic Raab said it was "completely
unacceptable" for Russian intelligence services to target work on
the pandemic.
"While others pursue their selfish interests with reckless behaviour,
the UK and its allies are getting on with the hard work of finding a
vaccine and protecting global health," he said in a statement. He
said Britain would work with allies to hold perpetrators to account.
The NCSC said the group's attacks were continuing and used a variety
of tools and techniques, including spear-phishing and custom
malware.
[to top of second column] |
"APT29 is likely to continue to target organisations involved in COVID-19
vaccine research and development, as they seek to answer additional intelligence
questions relating to the pandemic," the NCSC statement said.
The U.S. Department of Homeland Security and U.S. Cyber Command also released
technical information on Thursday about three hacking tools being deployed by
the Russian hackers, codenamed WELLMAIL, SOREFANG and WELLMESS.
Private sector cybersecurity researchers who had spotted the WELLMESS malware
over the last year were unaware of its Russian origins until Thursday.
In several cases, WELLMESS was found within U.S. pharmaceutical companies, said
three investigators familiar with the matter, who spoke on condition of
anonymity to discuss confidential information. The tool allowed the hackers to
stealthily gain remote access to secure computers. They declined to name the
victims.
Britain and the United States said in May that networks of hackers were
targeting national and international organisations responding to the pandemic.
But such attacks have not previously been explicitly connected to the Russian
state.
(Additional reporting by Elizabeth Piper in London and Andrew Osborn and
Gabrielle Tétrault-Farbe in Moscow; editing by Stephen Addison, William Maclean
and Cynthia Osterman)
[© 2020 Thomson Reuters. All rights
reserved.] Copyright 2020 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content. |
