Russian Hackers Targeting COVID-19 Vaccine Developers, According to UK, US & Canada

A notorious hacking group with ties to Russia’s intelligence services has been targeting COVID-19 vaccine developers, according to the United States, United Kingdom, and Canadian governments.

APT29, also known as ‘The Dukes’ or ‘Cozy Bear,’ has been conducting cyber attacks in an effort to steal confidential information regarding COVID-19 vaccine development and research, according to a joint advisory released by the UK’s National Cyber Security Centre (NCSC), Canada’s Communications Security Establishment (CSE), and the US National Security Agency (NSA).

The advisory warns that the group has been using spearphishing, targeted email lures designed to harvest credentials or deliver malware, together with custom malware called “WellMess” and “WellMail” against organizations involved in coronavirus research. “WellMail” had not previously been named in public reporting, meaning it may be a newly recognized family of malware.

“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,” said UK Foreign Secretary Dominic Raab in a press statement. He labeled the cyber attacks “selfish” and “reckless.”

NCSC Director of Operations, Paul Chichester, further denounced the attacks:

“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” said Chichester in a statement. “We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.”

The advisory urges organizations to review their defenses and the published guidance to avoid being compromised by the group. It provides “indicators of compromise” (IOCs) – artifacts such as file hashes, IP addresses, and detection signatures that defenders can search for in their own systems and logs – for the malware and infrastructure used by the group.
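What a defender actually does with an IOC list is sweep their own telemetry for it. The following is an added example, not code or data from the advisory: it parses a constructed IOC list in the common “type: value” shape (SHA-256 hashes, IP addresses or CIDR ranges, and domains), then checks a constructed file inventory and a few constructed proxy log lines against it. All hashes, addresses, and domains are placeholders made up for this example (the hash is derived from the placeholder bytes in the block; the addresses are documentation ranges).

```python
"""Sweep host and proxy telemetry against an advisory-style IOC list.

Added example; the IOCs, file contents and log lines below are constructed
for illustration and are not indicators from the NCSC/CSE/NSA advisory.
"""
import hashlib
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed "binaries": the hash in IOC_TEXT is derived from SAMPLE_BAD so the
# example is self-consistent and obviously synthetic.
SAMPLE_BAD = b"constructed placeholder for a malicious binary"
SAMPLE_GOOD = b"constructed placeholder for a benign binary"

IOC_TEXT = f"""
# Constructed IOC list in the "type: value" shape advisories commonly use.
sha256: {hashlib.sha256(SAMPLE_BAD).hexdigest().upper()}
ip: 203.0.113.45
ip: 198.51.100.0/24
domain: Update-Check.Example.Test
"""


@dataclass
class IocSet:
    sha256: set = field(default_factory=set)
    networks: list = field(default_factory=list)
    domains: set = field(default_factory=set)


def parse_iocs(text: str) -> IocSet:
    """Parse 'type: value' lines, ignoring blanks and '#' comments.

    Hashes are lower-cased, IPs become networks (a bare IP is a /32 or /128)
    and domains are lower-cased, so lookups are case- and form-insensitive.
    """
    iocs = IocSet()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        kind, _, value = line.partition(":")
        kind, value = kind.strip().lower(), value.strip()
        if kind == "sha256":
            if not re.fullmatch(r"[0-9a-fA-F]{64}", value):
                raise ValueError(f"malformed sha256 indicator: {value!r}")
            iocs.sha256.add(value.lower())
        elif kind == "ip":
            iocs.networks.append(ipaddress.ip_network(value, strict=False))
        elif kind == "domain":
            iocs.domains.add(value.lower().rstrip("."))
        else:
            raise ValueError(f"unknown indicator type: {kind!r}")
    return iocs


def ip_matches(addr: str, iocs: IocSet) -> bool:
    """True if addr is a valid IP inside any listed address or range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in iocs.networks)


def domain_matches(host: str, iocs: IocSet) -> bool:
    """Match the host or any parent domain, so a.b.example.test hits example.test."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in iocs.domains for i in range(len(labels) - 1))


def sweep_files(files: dict, iocs: IocSet) -> list:
    """Return paths whose SHA-256 appears in the IOC list."""
    return [path for path, data in files.items()
            if hashlib.sha256(data).hexdigest() in iocs.sha256]


LOG_RE = re.compile(r"dst=(?P<dst>\S+)\s+host=(?P<host>\S+)")


def sweep_proxy_logs(lines: list, iocs: IocSet) -> list:
    """Return log lines whose destination IP or Host header matches an IOC."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and (ip_matches(m["dst"], iocs) or domain_matches(m["host"], iocs)):
            hits.append(line)
    return hits


# Constructed telemetry: a small file inventory and three proxy log lines.
FILES = {"/opt/app/svc": SAMPLE_BAD, "/usr/bin/python3": SAMPLE_GOOD}
PROXY_LOGS = [
    "2020-07-16T10:00:01Z src=10.0.0.5 dst=203.0.113.45 host=203.0.113.45 method=POST path=/",
    "2020-07-16T10:00:07Z src=10.0.0.9 dst=192.0.2.10 host=cdn.update-check.example.test method=GET path=/a",
    "2020-07-16T10:00:09Z src=10.0.0.9 dst=192.0.2.20 host=www.example.org method=GET path=/",
]


def run_sweep():
    """Parse the IOC list and return (file hits, proxy log hits)."""
    iocs = parse_iocs(IOC_TEXT)
    return sweep_files(FILES, iocs), sweep_proxy_logs(PROXY_LOGS, iocs)


if __name__ == "__main__":
    file_hits, log_hits = run_sweep()
    print("file hits:", file_hits)
    print("proxy hits:", len(log_hits))
```

Two points a practitioner should keep in mind: hashes and addresses are the most perishable indicators, since an attacker can recompile a sample or move infrastructure cheaply, so a clean sweep is not evidence of absence; and matching should be normalized (case, trailing dots, CIDR containment) as above, because telemetry rarely records an indicator in exactly the form the advisory prints it.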

While the Russian government has never acknowledged APT29, the NCSC is “almost certain (95%+) that APT29 are part of the Russian intelligence services.” The advisory did not name the specific organizations that had been targeted by the group.

APT29 was previously identified as one of the Russian groups inside the network of the US Democratic National Committee in 2016; the subsequent leak of stolen documents, widely credited with damaging Democratic candidate Hillary Clinton’s 2016 presidential campaign, has been attributed chiefly to the separate GRU-linked group APT28.
