Hackers linked to Russia trying to steal UK's secret coronavirus vaccine research, Cyber Security Centre says

In joint announcement, UK, US and Canadian security agencies say Cozy Bear group operating as part of Russian intelligence

Andrew Woodcock
Political Editor
Thursday 16 July 2020 14:59 BST

Hackers linked to Russia’s state intelligence are attempting to steal secret research on coronavirus vaccines from UK labs, the National Cyber Security Centre has said.

In a co-ordinated announcement with security agencies in the US and Canada, the NCSC pointed the finger at an established hacker group known as APT29, Cozy Bear or The Dukes.

And for the first time since the shady group’s existence became known, the allied agencies said that APT29 is “almost certainly” operating as part of Russian intelligence services. Although neither the NCSC nor the US National Security Agency explicitly accused president Vladimir Putin of ordering the group's activities, it is thought that there is awareness of its operations at the highest levels of the Russian administration.

It is believed that vaccine research facilities at Oxford University and Imperial College London are among institutions targeted by the hackers, who are thought to operate by exploiting weaknesses in VPN and external mail services used by researchers.

The attacks form part of a pattern which has seen both state and criminal organisations shift cyber activity to target potentially valuable intellectual property relating to vaccines and treatments for Covid-19 during the pandemic.

NCSC director of operations Paul Chichester said: “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.

“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.

“We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.”

Known targets of APT29 include UK, US and Canadian vaccine research and development organisations.

The group uses a variety of tools and techniques, including spear-phishing and custom malware known as “WellMess” and “WellMail”.

The campaign is not believed to be related to a separate attempt by unidentified “Russian actors” to interfere in December’s election by disseminating details of the government’s trade talks with the US, revealed by foreign secretary Dominic Raab today.

Speaking after the NCSC announcement, Mr Raab called for an end to cyber attacks by Russian intelligence services.

“It is completely unacceptable that the Russian intelligence services are targeting those working to combat the coronavirus pandemic,” said the foreign secretary.

Foreign secretary Dominic Raab (REUTERS/Hannah McKay)

“While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.

“The UK will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account.”

It is unclear whether hackers have been successful in obtaining any scientific information from UK labs in the attacks, which are still believed to be ongoing. The NCSC has not stated what level of success the group has achieved, saying that the purpose of its announcement is to heighten awareness of the risk the group poses and the need to take protective measures.

But it is not thought that they have targeted the personal information of individuals working in the institutions.
