While researchers are scrambling to develop a vaccine for the coronavirus, Russian hackers have been working to steal it, officials from the UK, US and Canada said Wednesday.
In a joint statement, the UK’s National Cyber Security Centre, Canada’s Communications Security Establishment, and the US Cybersecurity and Infrastructure Security Agency and National Security Agency said that Russian hackers are carrying out cyberattacks against the health care and energy industries in attempts to steal information about coronavirus vaccine efforts.
The government agencies pinned the attacks on Cozy Bear (APT29), the same Russian intelligence hacking group behind the attacks against the Democratic National Committee during the US presidential election in 2016.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” said Paul Chichester, the UK’s NCSC director of operations.
The pandemic has gripped countries around the world, with more than 13 million confirmed cases as of July 16, and 585,000 deaths. Cases continue to spike in the US, while other nations are getting their outbreaks under control. A vaccine for the disease will play a key role in ending the pandemic, and researchers are racing to develop at least one.
Countries that may not have enough resources or researchers to develop one on their own are apparently looking to steal information from nations working on a vaccine. The US, UK and Canada released more details on Thursday, alleging that Russian hackers are using custom malware and phishing attacks against vaccine researchers in their countries.
“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,” UK Foreign Secretary Dominic Raab said in a statement. “While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
The Russian embassy declined to comment.
In a statement, Rep. Adam Schiff, the chairman of the House Intelligence Committee, said the committee would be seeking a briefing on the Russian hacking efforts.
“There is no issue more critical to the health and safety of our nation and its citizens right now than testing, tracing, treating, and vaccinating against the threat of COVID-19,” Schiff said. “The consequences are literally life and death.”
The US, UK and Canadian agencies released an advisory on Thursday that details how the hacking attempts allegedly happened. According to the advisory, the hackers started with widespread scans for open servers owned by their targets, and then gained access through known vulnerabilities.
The Russian hackers could have also gained access by stealing passwords and logins through targeted phishing attacks, the advisory said. Once they had access, the hackers used custom malware called WellMess and WellMail that could execute commands, upload and download files and steal information on infected devices, according to the report.
“The National Security Agency, along with our partners, remains steadfast in its commitment to protecting national security by collectively issuing this critical cybersecurity advisory as foreign actors continue to take advantage of the ongoing COVID-19 pandemic,” NSA Cybersecurity Director Anne Neuberger said in a statement. “APT29 has a long history of targeting governmental, diplomatic, think-tank, health care and energy organizations for intelligence gain so we encourage everyone to take this threat seriously and apply the mitigations issued in the advisory.”
Russia is not the only nation accused of using hackers to steal information about COVID-19 vaccine research.
In May, the FBI said that Chinese hackers were attempting to steal coronavirus vaccine research, while security researchers found that Vietnamese hackers were targeting the Chinese government for information on how to deal with the coronavirus outbreak.