Russia accused of trying to hack into Covid-19 vaccine research in the UK, US and Canada
APT29 group is using publicly available exploits to conduct widespread scanning and exploitation against vulnerable systems, NCSC warns
The UK, US and Canada have accused Russia of attempting to hack into ongoing research on the development and testing of a coronavirus vaccine.
In an alert issued on Thursday, the UK's National Cyber Security Centre (NCSC) said that the Russia-backed advanced persistent threat group APT29 is currently targeting British labs in an effort to "steal valuable intellectual property" on a Covid-19 vaccine.
The deadly Covid-19 virus has already killed more than 585,000 people worldwide, and all hopes have now turned to a vaccine to finally bring the onslaught to an end.
Britain is one of the few countries that have entered into the human trial phase for the vaccine. According to media reports, a vaccine being developed by the University of Oxford has shown potentially positive results.
The NCSC said that in the last six months, the APT29 group has specifically targeted biomedical research organisations using the 'WellMail' and 'WellMess' malware. The agency said it was almost certain that APT29 is part of the Russian intelligence services and has been attacking research institutions with the intent of stealing information related to the development and testing of coronavirus vaccines.
The US and Canada, whose labs were also targeted by hackers, backed the agency's assessment.
APT29, also known as 'Cozy Bear' and 'the Dukes', has predominantly targeted diplomatic, governmental, energy, and healthcare organisations in recent years.
"The group frequently uses publicly available exploits to conduct widespread scanning and exploitation against vulnerable systems, likely in an effort to obtain authentication credentials to allow further access," NCSC said.
"This broad targeting potentially gives the group access to a large number of systems globally, many of which are unlikely to be of immediate intelligence value."
In recent attacks, APT29 conducted basic vulnerability scanning against specific external IP addresses owned by research organisations and then deployed public exploits against the vulnerable services identified, the British agency said.
The group is thought to have gained initial footholds using recently published exploits for vulnerabilities, such as (but not limited to):
- CVE-2019-19781 (Citrix)
- CVE-2018-13379 (FortiGate)
- CVE-2019-11510 (Pulse Secure)
- CVE-2019-9670 (Zimbra)
Britain's Foreign Secretary Dominic Raab described the targeting of the people working to discover a coronavirus vaccine as "completely unacceptable".
In a statement, Kremlin spokesman Dmitry Peskov rejected the accusations as "groundless".
"We do not have information about who may have hacked into pharmaceutical companies and research centres in Great Britain," Peskov said.
"We can say one thing - Russia has nothing at all to do with these attempts," he added.