A day ago, news broke that Russian hackers are targeting organizations involved in the development of a coronavirus vaccine, security officials in the United States, Canada and the United Kingdom claimed Thursday.
— NCSC UK (@NCSC) July 17, 2020
The British NCSC (National Cyber Security Centre) published an advisory detailing the activity of the threat group called APT29, which “has exploited organizations globally.” The NCSC assessed that APT29, also known as “Cozy Bear” or “the Dukes,” operates as part of Russian Intelligence Services. This assessment was supported by the CSE (Canadian Communications Security Establishment), the CISA (Cybersecurity and Infrastructure Security Agency), the U.S. Department of Homeland Security (DHS) and the NSA (National Security Agency).
Dominic Raab, the Foreign Secretary in the United Kingdom, said in a statement, “It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic. While others pursue their selfish interests with reckless behavior, the U.K. and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
In a press release, the NCSC also stated, “APT29’s campaign of malicious activity is ongoing, predominately against the government, think-tank, diplomatic, health care and energy targets to steal valuable intellectual property.”
The NCSC’s director of operations, Paul Chichester, said, “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic. Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.”
Chichester also urged “organizations to familiarize themselves with the advice we have published to help defend their networks.”
What does the NCSC say?
The NCSC stated its certainty that APT29 is part of the Russian Intelligence Services. It also reported an 80-90% likelihood that the activity involved collecting information on COVID-19 vaccine research or research.
Intelligence officials have observed the ongoing attacks and consider them an effort to access intellectual property rather than to disrupt research. However, there has been no clear sign that any confidential information was stolen or compromised.
Cozy Bear, or “the Dukes,” is identified as one of the two hacking groups linked to the Russian government. The identification was made by Washington, which claimed the group stole emails before the 2016 presidential election by breaking into the Democratic National Committee computer network. The other group is called Fancy Bear.
Previously, the NCSC warned that Advanced Persistent Threat (APT) groups have been targeting organizations involved in both international and national COVID-19 responses. If the reports are to be believed, the targets include American, Canadian and British vaccine research and development organizations.
According to intelligence officials, the groups used a variety of techniques and tools, including spear phishing and custom malware called WellMess and WellMail.
However, no statement suggested that Russian President Vladimir Putin was involved in the vaccine research hacking. U.S. authorities have for several months now continued to level accusations against the Chinese government.
Last week, FBI Director Chris Wray said, “At this very moment, China is working to compromise American health care organizations, pharmaceutical companies, and academic institutions conducting essential COVID-19 research.”