Russian hackers are trying to steal research on COVID-19 vaccines, according to intelligence services in the US, UK and Canada, The National Security Agency (NSA) said a group that has been linked to Russian intelligence has targeted health care organizations in the three countries.
The group — which is known as APT29, Cozy Bear or The Dukes — is using malware and spear-phishing attacks, according to a joint advisory from the NSA, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the UK’s National Cyber Security Center (NCSC) and Canada’s Communications Security Establishment. The latter two also published guidance to help health care organizations beef up their systems’ defenses.
“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,” Dominic Raab, the UK’s foreign secretary, said in a statement. “While others pursue their selfish interests with reckless behavior, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
If the name Cozy Bear sounds familiar, that’s perhaps because the group was previously linked to a successful phishing attack on Hillary Clinton's campaign chairman John Podesta in 2016. Those hackers have also been accused of targeting the Democratic National Committee, thinktanks, law enforcement and other organizations.
Russia isn’t the only country said to be complicit in attacks on health care organizations and pharmaceutical firms. In April, the US accused Chinese hackers of trying to steal vaccine research. It emerged last month that similar attacks had taken place against the UK's National Health Service. At the time, the country’s GCHQ security and intelligence agency reportedly suspected that China was involved.