Russian hackers trying to steal coronavirus vaccine research, intelligence agencies say

  • >>Julian E Barnes, The New York Times
    Published: 2020-07-16 20:33:40 BdST

A researcher at the University of Pittsburgh works on a COVID-19 vaccine candidate, a fingertip-sized patch with dissolvable microscopic needles, in Pittsburgh, Pennsylvania, US, March 28, 2020. UPMC/Handout via REUTERS

Russian hackers are attempting to steal coronavirus vaccine research, the US, British and Canadian governments said Thursday, opening a dangerous new front in the cyberwars and intelligence battles between Moscow and the West.

The National Security Agency said APT29, the hacking group known as Cozy Bear which is associated with Russian intelligence, has been taking advantage of the chaos created by the coronavirus pandemic and targeting health care organisations seeking to steal intelligence on vaccines.

The Russian hackers have been targeting British, Canadian and American organisations researching vaccines against COVID-19. The hackers have been using spear-phishing and malware to try to get access to the research.

“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” said Paul Chichester, director of operations for Britain’s National Cyber Security Centre.

Cozy Bear is one of the most high profile, and successful, hacking groups associated with the Russian government, and was implicated alongside the group Fancy Bear in the 2016 hacking of the Democratic National Committee.

“APT29 has a long history of targeting governmental, diplomatic, think-tank, health care and energy organisations for intelligence gain so we encourage everyone to take this threat seriously and apply the mitigations issued in the advisory,” said Anne Neuberger, the NSA’s cybersecurity director.

The British and Canadian governments said Thursday that Cozy Bear is almost certainly part of the Russian intelligence services.

The two government’s cyberdefense arms published advisories aimed at helping health care organisations bolster their computer network defence.

The malware used by Cozy Bear to steal the vaccine research included code known as “WellMess” and “WellMail.”


©2020 The New York Times Company