Russian hackers targeting UK coronavirus vaccine labs, intelligence service reveals

Mirror

16th July, 2020 07:11:00

Russian hackers are targeting British research laboratories trying to find a coronavirus vaccine, spooks revealed today.
The state-backed APT29 group, also known as “Cozy Bear” and “The Dukes”, has tried to steal information from centres around the world, the National Cyber Security Centre warned.

In a joint announcement with counterparts in the US and Canada, NCSC experts accused Moscow of attempting to rip off “intellectual property” so Russia can develop a Covid-19 inoculation at the same time as or even before western researchers.

Though the NCSC – part of the UK's GCHQ eavesdropping station – would not identify organisations targeted, they are thought to include Oxford University and Imperial College London, both of which have high-profile vaccine development programmes.

NCSC operations director Paul Chichester said: “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.

“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.

“We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.”
The attacks began in late winter as the globe began to be gripped by coronavirus.

Experts believe the Russians have tried to exploit VPN connections used by workers to link them in a network.

Today's announcement came jointly with the Canadian Communication Security Establishment, the US Department for Homeland Security, the Cybersecurity Infrastructure Security Agency and the National Security Agency.

It is the first time NCSC has pointed the finger at APT29.
The NCSC added: “APT29’s campaign of malicious activity is ongoing, predominantly against government, diplomatic, think-tank, healthcare and energy targets to steal valuable intellectual property.”

The centre has issued an advisory warning of the threat from the group, which it says “almost certainly operates as part of Russian Intelligence Services”.
The 14-page advisory says: “The group uses a variety of tools and techniques to predominantly target governmental, diplomatic, think-tank, healthcare and energy targets for intelligence gain.

“Throughout 2020, APT29 has targeted various organisations involved in Covid-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of Covid-19 vaccines.
“APT29 is using custom malware known as ‘WellMess’ and ‘WellMail’ to target a number of organisations globally.

“This includes those organisations involved with Covid-19 vaccine development.

“WellMess and WellMail have not previously been publicly associated to APT29.”

