US, UK, And Canada Warn About Cyber Threats From Russian Attackers
Security officials from the US, UK, and Canada are all warning about cyber threats from Russian attackers who are targeting organizations involved in coronavirus vaccine development, according to a report by CNN.
The UK National Cyber Security Centre (NCSC) published an advisory warning against a group called APT29, which also goes by the name of “the Dukes” or “Cozy Bear”. The group uses tactics like spear phishing and custom malware known as “WellMess” and “WellMail”.
"APT29's campaign of malicious activity is ongoing, predominantly against government, diplomatic, think tank, healthcare and energy targets to steal valuable intellectual property," a press release on the advisory said.
The NCSC says that ATP29 is “almost certainly operate as part of Russian Intelligence Services”. The accusation is supported by the Canadian Communication Security Establishment (CSE), the US Department for Homeland Security (DHS), Cybersecurity Infrastructure Security Agency (CISA), and the National Security Agency (NSA).
The NCSC report said, "APT29 is likely to continue to target organizations involved in COVID-19 vaccine research and development, as they seek to answer additional intelligence questions relating to the pandemic."
This is the first time APT29 has been linked to attacks related to the pandemic although they have been connected to attacks against the Democratic National Committee’s system during the 2016 election.
Russia was also accused of plans to meddle in the UK’s 2019 election, although they have continually denied interference.
Dmitry Peskov, a Kremlin spokesperson, said that Russia has “nothing to do” with the attacks.
"We do not have information regarding who could have hacked pharmaceutical companies and research centers in the UK," said Peskov. "We can say one thing — Russia has nothing to do with these attempts and we do not accept such accusations just like we don't accept yet another set of unfounded accusations of interference in the 2019 elections."
This is not the first attempt to attack organizations involved in the US’s coronavirus response. In April, there were a series of cyberattacks by nation states and criminal groups directed at government agencies and medical institutions leading the pandemic response.
Hospitals, research laboratories, health care providers and pharmaceutical companies were all targeted. The Centers for Disease Control and Prevention were also hit by cyberattacks of which China and Russia were the primary suspects.
The US is working to control the attacks.
"The National Security Agency (NSA), along with our partners, remains steadfast in its commitment to protecting national security by collectively issuing this critical cybersecurity advisory as foreign actors continue to take advantage of the ongoing COVID-19 pandemic," NSA Cybersecurity Director Anne Neuberger said.
Other countries are also working to counter the attacks.
"While others pursue their selfish interests with reckless behavior, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health," said British Foreign Secretary Dominic Raab, also saying that the UK will "continue to counter those conducting such cyber attacks" and work alongside allies to keep them accountable.
Read the full report here.