A Russian hacking group is reportedly targeting organizations carrying out research on a COVID-19 vaccine, according to intelligence agencies from the U.S., U.K., and Canada.
In an advisory published Thursday by the UK National Cyber Security Centre (NCSC), security officials warned that a hacking group called APT29 (also called “the Dukes” or “Cozy Bear”) is targeting health care organizations in the three countries.
The group is using malware and spear-phishing attacks to try to steal coronavirus vaccine research. Officials didn’t say how much vaccine information the Russian group has stolen or how the group’s actions have impacted research efforts.
"APT29's campaign of malicious activity is ongoing, predominantly against government, diplomatic, think tank, healthcare and energy targets to steal valuable intellectual property," a press release on the advisory said.
History of hacking
The hacking group previously carried out a phishing attack on Hillary Clinton’s campaign chairman John Podesta in 2016.
“APT29 has a long history of targeting governmental, diplomatic, think-tank, health care and energy organizations for intelligence gain, so we encourage everyone to take this threat seriously,” said Anne Neuberger, the National Security Agency’s cybersecurity director.
Dominic Raab, the U.K.’s foreign secretary, said it’s “completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic.”
“While others pursue their selfish interests with reckless behavior, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health,” Raab said in a statement, adding that the U.K. will “continue to counter those conducting such cyber attacks.”
The NSA said it remains “steadfast in its commitment to protecting national security by collectively issuing this critical cybersecurity advisory as foreign actors continue to take advantage of the ongoing COVID-19 pandemic.”