LONDON — Hackers from Russia’s intelligence services are attempting to steal coronavirus vaccine research from the United States, Canada and the United Kingdom, officials said Thursday.
The attacks have been carried out by a group called “APT29,” also known as “the Dukes” or “Cozy Bear,” which has been using malware to target various organizations involved in the industry, American, Canadian and British intelligence agencies said in a joint statement.
“It is completely unacceptable that the Russian intelligence services are targeting those working to combat the coronavirus pandemic,” British Foreign Secretary Dominic Raab said in a statement. “While others pursue their selfish interests with reckless behavior, the U.K. and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
As it has done with all hacking allegations in recent years, Russia denied it was behind the alleged attack.
“We do not have information on who might have hacked into pharmaceutical companies and research centers,” Kremlin spokesman Dmitry Peskov told Russia’s TASS news agency. “We can only say one thing: Russia has nothing to do with these attempts. We do not accept these accusations, as well as the usual accusations of interference in the 2019 (U.K.) election.”
The group blamed for the hacking attacks is well known in cybersecurity circles. U.S. intelligence services said APT29, also known as Cozy Bear, has been responsible for a slew of attacks against governments and other organizations in recent years.
Let our news meet your inbox. The news and stories that matters, delivered weekday mornings.
The group is “almost certainly part of the Russian intelligence services,” according to the joint statement by the United Kingdom’s National Cyber Security Centre, the U.S. National Security Agency and Canada’s Communications Security Establishment.
Throughout this year, the group focused on government and diplomatic targets, think-tanks and organizations related to energy, the statement said, adding that some of these targets were selected “likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines.”
Ciaran Martin, CEO of the U.K.’s National Cyber Security Centre, told NBC News that the hackers used two techniques, phishing and scanning, to probe for weaknesses, and that the “behavior” had been noticed starting in February. He would not identify the targets, but said they were part of a “complex tapestry” of institutions across many nations that included “high-profile universities and private pharmaceutical companies.”
“The thing I can say today,” said Martin, “is that there’s no reason to believe that any of the vaccine research has been stolen. You can never give an absolute guarantee because cyber theft can be done in an undetectable way, but very often there are ways of telling when data has been exfiltrated, and we haven’t seen any sign of that.”
He said that prior to the pandemic, some of the organizations “wouldn’t have been targeted by an elite nation state group.” He said he deplored the actions of the hackers, but was not surprised by them, and that the pandemic had underlined the importance of digital security.
“Digital hygiene is everything,” said Martin.
Canada’s Communications Security Establishment said in a statement that the Russian hacks would “hinder response efforts at a time when health care experts and medical researchers need every available resource to help fight the pandemic.”
The issue of Russian interference has loomed over President Donald Trump’s time in office, with U.S. intelligence officials finding that the Kremlin worked to boost his candidacy in 2016, something Russia has always denied. This year, intelligence officials say the Russians have been continuing to interfere in American politics through disinformation on social media and other means.
Earlier Thursday, Raab, the British foreign secretary, revealed that “Russian actors” attempted to interfere with the U.K.’s nationwide election last year.
He did not identify these hackers but said in a written statement to Parliament they had attempted to amplify leaked government documents related to trade negations between the U.K. and the United States.
These documents were first publicized during a news conference by Jeremy Corbyn, then leader of the opposition Labour Party, who claimed they showed Prime Minister Boris Johnson was prepared to sell out the country’s publicly funded National Health Service for a trade deal with Trump.
The website Reddit then launched an investigation after finding the same 451-page dossier had been posted to its site as “part of a campaign that has been reported as originating from Russia.”
Matthew Bodner and Ken Dilanian