WASHINGTON — Russian hackers are attempting to steal coronavirus vaccine research, the American, British and Canadian governments said Thursday, opening a dangerous new front in the cyberwars and intelligence battles between Moscow and the West.
The National Security Agency said APT29, the hacking group known as Cozy Bear and associated with Russian intelligence, has been taking advantage of the chaos created by the coronavirus pandemic and trying to steal intelligence on vaccines from health care organizations.
The Russian hackers have been targeting British, Canadian and American organizations using spear-phishing and malware to try to get access to the research as well as information about medical supply chains.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” said Paul Chichester, the director of operations for Britain’s National Cyber Security Center.
The Russians are not alone in trying to steal vaccine information from the United States and other countries. The U.S. government has previously warned about efforts by China and Iran to steal vaccine research.
There was likely little immediate damage to global public health, said Mike Chapple, an associate professor who teaches cybersecurity at the University of Notre Dame and a former Air Force intelligence officer.
“The potential harm here is limited to commercial harm, to companies that are devoting a lot of their own resources into developing a vaccine in hopes it will be financially rewarding down the road,” he said.
Cozy Bear is one of the highest profile, and most successful, hacking groups associated with the Russian government. It was implicated alongside the group Fancy Bear in the 2016 hacking of the Democratic National Committee.
“APT29 has a long history of targeting governmental, diplomatic, think-tank, health care and energy organizations for intelligence gain so we encourage everyone to take this threat seriously,” said Anne Neuberger, the National Security Agency’s cybersecurity director.
While the ties between Cozy Bear and Russian spy services are not always clear, the National Security Agency called Cozy Bear a Russian intelligence group on Thursday and the British government said that the hackers are almost certainly part of the Russian intelligence services.
The American government did not say how much vaccine information the Russian group has stolen, or what damage to research efforts the hacking may have caused. Some officials suggested the attacks have not been hugely successful, but are widespread enough to warrant a coordinated international warning.
The three governments’ cyberdefense arms published advisories aimed at helping health care organizations bolster their computer network defense.
The National Security Agency and the British cybersecurity center declined to identify victims of the hacks, although academic organizations and labs doing vaccine research appear to have been their focus. Imperial College London, which has taken a leading role in Covid-19 research, issued a statement saying it takes appropriate security measures and has “benefited from government advice” to provide extra protection for its vaccine work.
The malware used by Cozy Bear to steal the vaccine research included code known as “WellMess” and “WellMail.”
The Russian group has not previously used that malware, according to British officials. But American officials said they were confident in attributing the attacks to the Russian hacking group.
American officials declined to comment on the precise intent of the Cozy Bear hack.
A spokesman for the Russian Embassy in Washington did not immediately respond to a request for comment.
Outside experts said it appeared that the Russians were simply copying information, not trying to damage the research organizations.
“It wouldn’t surprise me if intelligence services of all nations are doing this same kind of thing and using the information to advance their research against coronavirus,” said Mr. Chapple.
The three governments said Cozy Bear used recently published exploits to gain a foothold. If organizations do not immediately patch a vulnerability after a software company makes it public alongside a fix, corporate networks can be vulnerable.
Once Cozy Bear uses the malware to get access, the group creates legitimate credentials to maintain access to a system even after it is patched.
David D. Kirkpatrick and Stephen Castle contributed reporting.