Newsdeck

COVID-19

Russia trying to steal COVID-19 vaccine data, say UK, U.S. and Canada

epa05792667 The new National Cyber Crime Security centre in Victoria, central London, 14 February 2017. The new centre's function is to protect the United Kingdom against cyber-attacks and act as an operational nerve centre. EPA/ANDY RAIN

LONDON/OTTAWA, July 16 (Reuters) - Hackers backed by the Russian state are trying to steal COVID-19 vaccine and treatment research from academic and pharmaceutical institutions around the world, Britain's National Cyber Security Centre (NCSC) said on Thursday.

A co-ordinated statement from Britain, the United States and Canada attributed the attacks to group APT29, also known as Cozy Bear, which they said was almost certainly operating as part of Russian intelligence services.

“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” said NCSC Director of Operations Paul Chichester.

Cybersecurity researchers said an APT29 hacking tool was used against clients located in United States, Japan, China and Africa over the last year.

Russian news agency RIA cited spokesman Dmitry Peskov as saying the Kremlin rejected London’s allegations, which he said were not backed by proper evidence.

In a separate announcement Britain also accused “Russian actors” of trying to interfere in its 2019 election by trying to spread leaked documents online. Russia’s foreign ministry said those accusations were “foggy and contradictory”.

Britain is expected to publish a long-delayed report into Russian influence in British politics next week.

“SELFISH INTERESTS”

British foreign minister Dominic Raab said it was “completely unacceptable” for Russian intelligence services to target work on the pandemic.

“While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health,” he said in a statement. He said Britain would work with allies to hold perpetrators to account.

The NCSC said the group’s attacks were continuing and used a variety of tools and techniques, including spear-phishing and custom malware.

“APT29 is likely to continue to target organisations involved in COVID-19 vaccine research and development, as they seek to answer additional intelligence questions relating to the pandemic,” the NCSC statement said.

The U.S. Department of Homeland Security and U.S. Cyber Command also released technical information on Thursday about three hacking tools being deployed by the Russian hackers, codenamed WELLMAIL, SOREFANG and WELLMESS.

Private sector cybersecurity researchers who had spotted the WELLMESS malware over the last year were unaware of its Russian origins until Thursday.

In several cases, WELLMESS was found within U.S. pharmaceutical companies, said three investigators familiar with the matter, who spoke on condition of anonymity to discuss confidential information. The tool allowed the hackers to stealthily gain remote access to secure computers. They declined to name the victims.

Britain and the United States said in May that networks of hackers were targeting national and international organisations responding to the pandemic. But such attacks have not previously been explicitly connected to the Russian state. (Additional reporting by Elizabeth Piper in London and Andrew Osborn and Gabrielle Tétrault-Farbe in Moscow; editing by Stephen Addison, William Maclean and Cynthia Osterman)

Gallery

"Information pertaining to Covid-19, vaccines, how to control the spread of the virus and potential treatments is ever-changing. Under the South African Disaster Management Act Regulation 11(5)(c) it is prohibited to publish information through any medium with the intention to deceive people on government measures to address COVID-19. We are therefore disabling the comment section on this article in order to protect both the commenting member and ourselves from potential liability. Should you have additional information that you think we should know, please email [email protected]"

Please peer review 3 community comments before your comment can be posted

A South African Hero: You

There’s a 99.7% chance that this isn’t for you. Only 0.3% of our readers have responded to this call for action.

Those 0.3% of our readers are our hidden heroes, who are fuelling our work and impacting the lives of every South African in doing so. They’re the people who contribute to keep Daily Maverick free for all, including you.

The equation is quite simple: the more members we have, the more reporting and investigations we can do, and the greater the impact on the country.

Be part of that 0.3%. Be a Maverick. Be a Maverick Insider.

Support Daily Maverick→
Payment options

MavericKids vol 3

How can a child learn to read if they don't have a book?

81% of South African children aged 10 can't read for meaning. You can help by pre-ordering a copy of MavericKids.

For every copy sold we will donate a copy to Gift of The Givers for children in need of reading support.