The U.S., U.K. and Canada on Thursday accused Russian state-backed hackers of attempting to steal coronavirus vaccine research.
APT29, a hacking group known as “Cozy Bear” or “the Dukes,” which government officials have said is almost certainly part of the Russian intelligence services, has been targeting British, Canadian and American health care organizations to steal intelligence on vaccines using spear-phishing and malware, security officials from all three countries warned.
“APT29 has a long history of targeting governmental, diplomatic, think-tank, health care and energy organizations for intelligence gain so we encourage everyone to take this threat seriously and apply the mitigations issued in the advisory,” said Anne Neuberger, the NSA’s cybersecurity director.
Cozy Bear was implicated along with another group, Fancy Bear, in the 2016 hacking of the Democratic National Committee.
“The National Security Agency (NSA), along with our partners, remains steadfast in its commitment to protecting national security by collectively issuing this critical cybersecurity advisory as foreign actors continue to take advantage of the ongoing COVID-19 pandemic,” Neuberger said.
The warning is the latest of several advisories issued by the three governments in recent months raising concerns of state-backed cyberattacks against organizations involved in the coronavirus response.
Hospitals, research laboratories, health care providers and pharmaceutical companies have all been hit by a growing wave of cyberattacks by nation states and criminal groups, officials told CNN in April. The Department of Health and Human Services, which oversees the Centers for Disease Control and Prevention, has also seen a surge in daily cyberattacks, primarily from Russia and China, CNN reported.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” said Paul Chichester, the director of operations for Britain’s National Cyber Security Centre.
The UK National Cyber Security Centre (NCSC)’s advisory warned that APT29 “is likely to continue to target organisations involved in COVID-19 vaccine research and development, as they seek to answer additional intelligence questions relating to the pandemic.”