Cozy Bear: The Russian hacking group trying to steal the UK's coronavirus vaccine

Established cyber criminals also known as APT29 were involved in obtaining and disseminating US Democrat emails in 2016, but in recent months their activities have been overwhelmingly focused on Covid-19 research

Kim Sengupta
Defence Editor
Thursday 16 July 2020 23:25 BST
Enough coronavirus vaccine doses for everyone in UK 'in first half of next year' if trials succeed, research chief says

The hacking of British research into a coronavirus vaccine was allegedly carried out by a Russian cyber group which was also involved in stealing and disseminating information from Democratic Party computers in the run-up to the 2016 US election which put Donald Trump in the White House.

The group APT29, also known as Cozy Bears, was named by the UK’s National Cyber Security Centre (NCSC) as being behind the targeting of British, American and Canadian organisations involved in missions to find a counter to the pandemic.

Scientists at Oxford University and London’s Imperial College are at present leading the research into finding a vaccine for Covid-19 and the UK has recently been earmarked, say security officials, for attacks by groups connected to the Kremlin.

Cozy Bear, linked to the Russian intelligence service FSB as well as the military intelligence arm GRU, is said to have developed new types of malware packages for attacks codenamed “Operation Ghost” by western security officials. Their targets in the US have included the Pentagon and the State Department during the Obama administration, and Norwegian and Dutch ministries in 2017.

The group’s activities in recent months have been devoted to research into coronavirus, according to security officials. The NCSC, which is part of GCHQ, the British government’s communications headquarters, has previously warned of advanced persistent threat (APT) hackers carrying out attack related to coronavirus both in Britain and abroad.

The UK became linked to the hacking of the Democratic Party emails with claims that Julian Assange, then seeking refuge in the Ecuadorian embassy in London, worked with the Russians to make them public, an act which greatly damaged Hillary Clinton’s campaign and helped that of Mr Trump. Mr Assange has denied the accusations.

Roger Stone – who it was said by special counsel Robert Mueller’s investigation into Russian interference into the US election had been in liaison with Mr Assange – last week had his prison sentence commuted by Mr Trump. Mr Assange remains incarcerated at the maximum security Belmarsh prison, facing extradition to the US and a possible 150-year sentence on separate charges of hacking Pentagon computers.

Meanwhile, the threat of illicit attacks on Covid-19 related matters is likely to continue, says the NCSC. The Cyber Centre said that it was 95 per cent sure that APT29 is part of Russian intelligence services, an assessment supported by the Canadian Communication Security Establishment, the US Department for Homeland Security, the Cybersecurity Infrastructure Security Agency, and the National Security Agency (NSA).

The NCSC concluded in a report: “APT29 is likely to continue to target organisations involved in Covid-19 vaccine research and development, as they seek to answer additional intelligence questions relating to the pandemic.”

Paul Chichester, NCSC director of operations, said: “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic. Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.”

Dominic Raab, the foreign secretary, declared that it was “completely unacceptable” for Russian intelligence services to target research on the Covid-19 pandemic.

He said: “While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health. The UK will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account.”

In the US, Anne Neurberger, the director of cyber security at the NSA said: “We, along with our partners, remains steadfast in our commitment to protecting national security by collectively issuing this critical cyber security advisory as foreign actors continue to take advantage of the ongoing Covid-19 pandemic,

APT29 has a long history of targeting governmental, diplomatic, think-tank, healthcare and energy organisations for intelligence gain so we encourage everyone to take this threat seriously and apply the mitigations issued in the advisory.”

In Moscow, Russian government spokesman Dmitry Peskov insisted: “We do not have information about who may have hacked into pharmaceutical companies and research centres in Great Britain. We can say one thing – Russia has nothing at all to do with these attempts. We do not accept such accusations.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in