Update (July 21): Today, the US Justice Department issued an indictment against two Chinese hackers linked to the country's intelligence services for attempting to steal proprietary COVID-19 vaccine information, The New York Times reports.
A hacking group affiliated with the Russian government is targeting academic institutions and pharmaceutical companies worldwide to glean information on COVID-19 vaccine research, according to Western powers. Intelligence officials from Britain, the United States, and Canada released a joint report this week condemning Cozy Bear—the same group responsible for email hacking during the 2016 US presidential election—for its use of malware to gain access to secure computers.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” Paul Chichester, the director of operations for Britain’s National Cyber Security Centre (NCSC), says in a statement released alongside the report. The document goes on to state that Cozy Bear is “almost certainly” operating as “part of Russian intelligence services.”
While the report did not identify particular groups targeted by the hackers or release details about what, if anything, had been stolen, attacks were said to have been carried out in the US, UK, and Canada, with Reuters reporting that Cozy Bear malware had also been used in Japan, China, and Africa in the last year.
US and UK intelligence officials had first warned in a statement back in May that the increase in telework brought on by the pandemic could leave more people susceptible to cyberattacks. In the statement, Chichester said, “we recommend healthcare policy makers and researchers take our actionable steps to defend themselves,” although he made no mention of Russian interference specifically.
At a cybersecurity conference held last month, Tonya Ugoretz, a deputy assistant director with the FBI’s cyber division, spoke about how the pandemic has complicated the motivations behind these attacks. In addition to “profit-motivated criminals,” she said, foreign governments had “their own urgent demands for information about the pandemic and about things like vaccine research,” the Associated Press reports.
The hacking group Cozy Bear has been described by government officials as “aggressive” and “nothing if not flexible,” BBC News reports, constantly changing its methods to evade detection. In the most recent attacks, the group deployed malware called WELLMAIL, SOREFANG, and WELLMESS, the last of which was found within multiple US pharmaceutical companies, according to three investigators who spoke to Reuters on condition of anonymity.
In other instances, Cozy Bear used phishing or spear phishing attacks that use fake emails to trick people into providing sensitive information. Spear phishing in particular targets a specific person, appearing to come from a trusted contact. These emails often include personal details meant to make the message more convincing.
Dmitry Peskov, President Vladimir Putin’s spokesman, denied the government’s involvement in any state-sponsored hacking. “We don’t know who tried to carry out the hacking attacks in the United Kingdom, but Russia certainly has nothing to do with it,” he said, speaking to the state news agency Tass. “We strongly reject these groundless accusations against us.”