Cyber attack Against COVID-19 Research Centers

This post is also available in: עברית (Hebrew)

Russian cyber actors are targeting organizations involved in coronavirus vaccine development, according to a new warning by US, UK and Canadian security officials. An advisory published by the UK National Cyber Security Centre (NCSC) details activity by the Russian hacking group and explicitly calls out efforts to target US, UK and Canadian vaccine research and development organizations.

The Russian hacking group is called APT29, which also goes by the name “the Dukes” or “Cozy Bear.”

“APT29’s campaign of malicious activity is ongoing, predominantly against government, diplomatic, think tank, healthcare and energy targets to steal valuable intellectual property,” a press release on the advisory said.

Cozy Bear is one of two hacking groups linked to Russian intelligence that is believed to have accessed the Democratic National Committee’s internal systems in the lead-up to the 2016 US election, but the recent announcement is the first time this group has been named in connection to cyberattacks related to the coronavirus pandemic, according to winknews.com.

The US, UK and Canadian authorities have issued several warnings about state-backed cyberattacks against organizations involved in the coronavirus response in recent months.

Hospitals, research laboratories, health care providers and pharmaceutical companies have all been hit.

The Department of Health and Human Services – which oversees the Centers for Disease Control and Prevention — has also been struck by a surge of daily strikes, an official with direct knowledge of the attacks previously told CNN, adding that Russia and China were the primary culprits.

“The National Security Agency (NSA), along with our partners, remains steadfast in its commitment to protecting national security by collectively issuing this critical cybersecurity advisory as foreign actors continue to take advantage of the ongoing COVID-19 pandemic,” NSA Cybersecurity Director, Anne Neuberger, said in a statement.

“APT29 has a long history of targeting governmental, diplomatic, think-tank, healthcare and energy organizations for intelligence gain so we encourage everyone to take this threat seriously and apply the mitigations issued in the advisory,” she said.

The NCSC, which is the UK’s lead technical authority on cyber security and part of the UK’s Government Communications Headquarters (GCHQ), assessed that APT29 “almost certainly operate as part of Russian Intelligence Services.”