A headline like Government Accuses Russian Hackers of Stealing Pharmaceutical Secrets sounds like it belongs in a novel, but in the year 2020, it’s actually hitting our live feeds and circulating through every media outlet in the country.
What you’re reading is true: Britain, Canada, and the United States have joined forces to accuse Russian hackers of attempting to steal information from researchers and pharmaceutical companies rushing to develop a COVID-19 vaccine.
Hacking Group APT29 Blamed for Attack
The hacking group APT29, also known as Cozy Bear, is believed to be attacking academic and drug research institutions involved in the coronavirus vaccine race. Though it’s not yet known which companies have been targeted or whether any vaccine information was stolen, Britain’s National Cybersecurity Centre stated that APT29 is “almost certainly” connected to Russia’s intelligence services.
“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,″ Dominic Raab, Britain’s foreign secretary, said in a statement.
A Prolonged Campaign of “Malicious Activity”
Britain’s National Cybersecurity Centre didn’t go into too much detail, but it did state that agents detected “malicious activity” over the course of a prolonged campaign. These attacks were targeted “predominantly against government, diplomatic, think-tank, healthcare and energy” organizations.
According to an advisory released by Britain, the U.S, and Canada, Cozy Bear hackers developed a customized malicious software to target these organizations across the globe. The malware, called WellMail or WellMess, is new.
“In recent attacks targeting COVID-19 vaccine research and development, the group conducted basic vulnerability scanning against specific external IP addresses owned by the organizations. The group then deployed public exploits against the vulnerable services identified,” the advisory said.
Russia, for its part, disputes the accusations. “We do not have information about who may have hacked into pharmaceutical companies and research centers. We can say one thing: Russia has nothing at all to do with these attempts,” said Dmitry Peskov, a spokesman for President Vladimir Putin, according to Russia’s Tass news agency.
The Russians Aren’t the First to Attempt COVID-Relating Hacking
Unfortunately, the Russians aren’t the only ones accused of using hackers to steal critical COVID-19 vaccine information. Back in May, U.S officials warned that China had targeted researchers working on clinical research for the coronavirus.
In a joint announcement, the FBI and the DHS Cybersecurity and Infrastructure Security Agency (CISA) said they were investigating claims Chinese hackers were looking to “identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments and testing from networks and personnel affiliated with Covid-19-related research.”
As with the alleged Russian hacking, no specific targets were named, but pharmaceutical giants like Johnson & Johnson insisted their infrastructures “are protected for that, we are organized to fend that off.”