U.K., U.S. and Canada report that Russian cyberspies are trying to steal vaccine research
Russian #Russian
“We would urge organizations to familiarize themselves with the advice we have published to help defend their networks,” Chichester said in a statement.
In an advisory published Thursday, the NCSC said that a group named APT29, also known as “the Dukes” or “Cozy Bear,” had targeted British, American and Canadian vaccine research and development organizations.
The British government said it was 95 percent certain that APT29 was part of the Russian intelligence services. U.S. and Canadian experts concurred.
“APT29 has a long history of targeting governmental, diplomatic, think-tank, healthcare and energy organizations for intelligence gain so we encourage everyone to take this threat seriously and apply the mitigations issued in the advisory,” said Anne Neuberger, cybersecurity director for the U.S. National Security Agency, in a statement.
It was highly likely that the group was trying to collect information on vaccine development or research on the virus itself, Britain’s Foreign and Commonwealth Office said in a statement.
The Russian spying is ongoing, with British, American and Canadian cyber experts working to defend laboratories and research data, according to the Government Communications Headquarters, commonly known as GCHQ, Britain’s intelligence and security branch.
“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,” British Foreign Secretary Dominic Raab said.
Raab added: “While others pursue their selfish interests with reckless behavior, the U.K. and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
The World Health Organization reports that of the more than 160 vaccines being developed, 23 have begun clinical trials in humans, including top candidates being developed by academics, national laboratories and pharmaceutical companies in Britain, Canada and the United States.
Russia is developing 26 vaccines, Russian Deputy Prime Minister Tatyana Golikova said Wednesday, but only two are undergoing clinical trials. A month-long trial on 38 people for one of the vaccines concluded this week, and Kirill Dmitriev, head of the Russian Direct Investment Fund, the country’s sovereign wealth fund, told reporters that a larger trial with several thousand people is expected to begin in August.
“We will produce 30 million doses of the vaccine in Russia, or 50 million if necessary, which means that Russia may complete vaccinations early next year,” Dmitriev said.
Yet despite their own efforts, the British cyber sleuths say the Russians are cheating.
The Russian hackers in APT29 are well known to cyber experts. The group was one of the two Russian intelligence actors that hacked Democratic National Committee servers during the 2016 U.S. presidential campaign.
U.S. intelligence officials say that APT29 is part of the SVR, Russia’s equivalent of the CIA. That outfit infiltrated the DNC servers in summer 2015, many months before the Russian military spy agency GRU did, investigators said.
“They quietly steal information from their targets, and if you are hit by this actor you may never know it,” said John Hultquist, director of intelligence analysis for the cybersecurity firm FireEye. “It’s not going to be some hack and leak or destructive operation. We’re talking about a quiet intelligence collection operation where Russia quietly leverages the research of others to advance their own.”
The allegations of Russian spying on virus researchers comes two months after the FBI and Department of Homeland Security warned that China was also targeting covid-19 research, and that health-care, pharmaceutical and research labs should take steps to protect their systems.
“The biggest thing to keep in mind is Russia’s not alone,” Hultquist said. “This is an existential threat to almost every government on Earth, and for Russia, China and Iran, we can expect that tremendous resources have been diverted from other tasks to focus on stealing research.”
Britain’s foreign secretary told a parliamentary intelligence committee Thursday that “Russian actors” sought to interfere in the United Kingdom’s 2019 general election by acquiring unpublished documents used in trade talks between the United States and Britain, and then leaking the material via social media.
“Sensitive government documents relating to the UK-US Free Trade Agreement were illicitly acquired before the 2019 General Election and disseminated online via the social media platform Reddit,” Raab said in a written statement to Parliament.
The foreign secretary added, “It is almost certain that Russian actors sought to interfere in the 2019 General Election through the online amplification of illicitly acquired and leaked Government documents.”
Responding to British charges of meddling in its 2019 elections, Russian Foreign Ministry spokeswoman Maria Zakharova told reporters, “The statement is so vague and contradictory that it’s almost incomprehensible.”
After the trade documents emerged online, they were used during the December 2019 election by the opposition Labour Party and its leader, Jeremy Corbyn, who accused Prime Minister Boris Johnson and his Conservative Party of preparing to “sell off” precious access to the National Health Service to U.S. companies.
The charges were hot-button at the time but did not change the outcome: Johnson won the election in a landslide.
A much-delayed report into allegations of wider Russian interference in Britain’s democracy is due next week.
Nakashima and Taylor reported from Washington. Isabelle Khurshudyan in Moscow contributed to this report.