Russian hackers trying to steal COVID-19 vaccine research, intelligence agencies say
By Julian E. Barnes
Russian hackers are attempting to steal coronavirus vaccine research, the U.S., British and Canadian governments said Thursday, opening a dangerous new front in the cyberwars and intelligence battles between Moscow and the West.
The National Security Agency said APT29, the hacking group known as Cozy Bear, which is associated with Russian intelligence, has been taking advantage of the chaos created by the coronavirus pandemic, targeting health care organizations in an effort to steal intelligence on vaccines.
The Russian hackers have been targeting British, Canadian and American organizations researching vaccines against COVID-19. The hackers have been using spear-phishing and malware to try to get access to the research.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” said Paul Chichester, director of operations for Britain’s National Cyber Security Center.
Cozy Bear is one of the most high-profile and successful hacking groups associated with the Russian government, and was implicated alongside the group Fancy Bear in the 2016 hacking of the Democratic National Committee.
“APT29 has a long history of targeting governmental, diplomatic, think-tank, health care and energy organizations for intelligence gain so we encourage everyone to take this threat seriously and apply the mitigations issued in the advisory,” said Anne Neuberger, the NSA’s cybersecurity director.
The British and Canadian governments said Thursday that Cozy Bear is almost certainly part of the Russian intelligence services.
The two governments’ cyberdefense arms published advisories aimed at helping health care organizations bolster their computer network defense.
The malware used by Cozy Bear to steal the vaccine research included code known as “WellMess” and “WellMail.”