The UK, US, and Canada have discovered hackers working on behalf of the Russian state launching attacks against coronavirus vaccine-development projects.
WIRED UK
This story originally appeared on WIRED UK.
Criminals working for the hacking group Advanced Persistent Threat 29 (APT29), also known as Cozy Bear, have been caught attacking pharmaceutical businesses and academic institutions involved in vaccine development. Officials in the three countries believe these have been attempts to steal intellectual property and information about potential vaccine candidates.
The hackers used “custom malware” that’s not been previously linked to Russia and a number of publicly known vulnerabilities in widely used software, such as VPNs. These have been accompanied with spear-phishing attempts that have looked to gather login details to “internet-accessible” parts of the organizations targeted.
They’re so confident that the attacks are emanating from Russia that the UK’s National Cybersecurity Centre (NCSC), Canadian Communication Security Establishment, and various US security agencies, including the NSA and Department for Homeland Security, have decided to publicly call out APT29. The public shaming is the latest in an increasingly hostile approach to hacker groups working on behalf of Russia, and it comes at the same time as an admission from the UK government that Russia tried to influence the 2019 general election.
APT29 is widely believed to be linked to the Russian intelligence services and has been involved in many cyberattacks in recent years, includ
