Russia is trying to steal COVID-19 vaccine research from the US, UK, and Canada by hacking into drug companies, according to intelligence officials.
On Thursday, the UK’s National Cyber Security Centre issued an advisory about the ongoing hacking campaign, which has involved spear-phishing email attacks, malware, and exploiting vulnerabilities in VPN products.
Cyber authorities in the UK and Canada blame the attacks on a notorious hacking group known as APT 29 or Cozy Bear, which Western intelligence agencies have tied to the Russian government. In 2016, the group made headlines for breaching the Democratic National Committee (DNC) and passing stolen data to WikiLeaks.
Today’s advisory from the UK was endorsed by the US National Security Agency and the Department of Homeland Security, which both agreed with the findings.
“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,” UK Foreign Secretary Dominic Raab said in a statement.
The advisory itself doesn’t mention how the UK attributed the attacks to the Russian hackers. The 14-page document is instead focused on different techniques APT 29 has been using to target COVID-19 vaccine developers. A go-to method has involved scanning the target’s computer networks for publicly known vulnerabilities, and then trying to exploit them.
In particular, the Russian hackers have been adept at exploiting vulnerabilities in networking and VPN software from Citrix, Pulse, and Fortinet to break into victim organizations. Another tactic has involved spear-phishing email attacks to steal login passwords from employees at the targeted organizations.
Once inside a victim’s network, the hackers install malware to maintain access. UK authorities identified two of the malware strains involved, “WellMess” and “WellMail.” Both can execute commands on an infected computer, including uploading and downloading files.
The advisory goes on to say that APT 29 has been targeting vaccine research in the UK, US, and Canada. As a result, authorities in the affected countries are urging drug companies and medical organizations to better safeguard their networks against the attacks.
The Kremlin has yet to respond to the allegations. But the Russian government has routinely denied any involvement in computer hacking.