Hackers linked to Russia’s state intelligence agencies are attempting to steal secret research on coronavirus vaccines from UK labs, the National Cyber Security Centre has said.
In a co-ordinated announcement with security agencies in the US and Canada, the NCSC pointed the finger at an established hacker group known as APT29, Cozy Bear or The Dukes.
And for the first time since the shady group’s existence became known, the allied agencies said that APT29 is “almost certainly” operating as part of Russian intelligence services.
Download the new Independent Premium app
Sharing the full story, not just the headlines
It is believed that vaccine research facilities at Oxford University and Imperial College London are among institutions targeted by the hackers, who are thought to operate by exploiting weaknesses in VPN and external mail services used by researchers.
The attacks form part of a pattern which has seen both state and criminal organisations shift cyber activity to target potentially valuable intellectual property relating to vaccines and treatments for Covid-19 during the pandemic.
NCSC director of operations Paul Chichester said: “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.
“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.
“We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.”
Known targets of APT29 include UK, US and Canadian vaccine research and development organisations.
The group uses a variety of tools and techniques, including spear-phishing and custom malware known as “WellMess” and “WellMail”.
The campaign is not believed to be related to a separate attempt by unidentified “Russian actors” to interfere in December’s election by disseminating details of the government’s trade talks with the US, revealed by foreign secretary Dominic Raab today.
Speaking after the NCSC announcement, Mr Raab called for an end to cyber attacks by Russian intelligence services.
“It is completely unacceptable that the Russian intelligence services are targeting those working to combat the coronavirus pandemic,” said the foreign secretary.
“While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.
“The UK will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account.”
It is unclear whether hackers have been successful in obtaining any scientific information from UK labs in the attacks, which are still believed to be ongoing. But it is not thought that they have targeted the personal information of individuals working in the institutions.
Send your news and stories to us firstname.lastname@example.org or email@example.com and WhatsApp: +447747873668.
Before you go...
Democratic norms are being stress-tested all over the world, and the past few years have thrown up all kinds of questions we didn't know needed clarifying – how long is too long for a parliamentary prorogation? How far should politicians be allowed to intervene in court cases? To monitor these issues as closely as we have in the past we need your support, so please consider donating to The Climax News Room.