Russian hackers are targeting organizations involved in COVID-19 vaccine development, according to an alert published Thursday by the UK-based National Cyber Security Centre.
The agency detailed the activities of the threat group known as APT29, which has exploited organizations globally and is connected to interference in the 2016 U.S. election.
APT29’s “campaign of malicious activity is ongoing, predominantly against government, diplomatic, think-tank, healthcare, and energy targets to steal valuable intellectual property,” said the alert.
The NCSC assesses that APT29, also named “the Dukes” or “Cozy Bear,” almost certainly operates as part of Russian intelligence services. This assessment is supported by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Canadian Communications Security Establishment (CSE).
The hackers used malware known as “WellMess” and “WellMail” in order to gain access to researchers’ computers.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” said NCSC Director of Operations Paul Chichester.
“We would urge organizations to familiarise themselves with the advice we have published to help defend their networks.”
It’s not clear how successful the hackers have been to date.
In April, CNN reported on a growing wave of cyberattacks by nation-states and criminal groups on U.S. government agencies and medical institutions leading the COVID-19 response.
Hospitals, research laboratories, health care providers and pharmaceutical companies have all been hit.
The Department of Health and Human Services, which oversees the Centers for Disease Control and Prevention, has also faced a surge of daily strikes, an official with direct knowledge of the attacks previously told CNN.
Russia and China were the primary culprits, the official said.
COVID-19 has highlighted many security problems, whether it’s the vulnerable computers of people working at home or the large systems in health care and government.
“The COVID-19 pandemic has cybersecurity relevance because it has generated sobering reminders of long-standing problems, unresolved controversies, and unheeded warnings that continue to characterize U.S. cybersecurity,” wrote David P. Fidler in an article posted this spring by the Council on Foreign Relations.
For more reading, see “Coronavirus and Cybercrime: a Perfect Storm?” on The Crime Report.