UPDATED 20:53 EDT / JULY 16 2020

SECURITY

US, UK and Canada warn that Russian hackers are targeting COVID-19 research

The U.S., U.K. and Canada today issued a joint advisory warning that a hacking group linked to Russian intelligence services is targeting COVID-19 related research.

The advisory was written by the U.K. National Cyber Security Center and Canada’s Communications Security Establishment with support from the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency. It points the finger at advanced persistent threat group 29, or APT 29, also known as Cozy Bear. The hacking group is the same one believed to be behind the hacking and theft of a database belonging to the Democratic National Committee in 2016.

APT 29 is said to be using a variety of tools and techniques to target various organizations involved in COVID-19 vaccine development to steal information and intellectual property related to the development and testing of the vaccines.

The infection vector starts with the group using publicly available exploits to conduct widespread scanning and exploitation against vulnerable systems in an effort to obtain authentication credentials. In the targeted COVID-19 campaign, Cozy Bear is conducting vulnerability scanning against external IP addresses owned by drug companies and other organizations. Once a way in is found, the group deploys exploits against the vulnerable services it has identified.

Specific tools include custom malware known as “WellMess” and “WellMail,” which the group uses to continue ongoing operations on a victim’s system.

U.K. foreign secretary Dominic Raab didn’t hold back in his condemnation of the hacking, saying in a statement it is “completely unacceptable that the Russian intelligence services are targeting those working to combat the coronavirus pandemic.”

“While others pursue their selfish interests with reckless behavior, the U.K. and its allies are getting on with the hard work of finding a vaccine and protecting global health,” Raab added. “The U.K. will continue to counter those conducting such cyberattacks and work with our allies to hold perpetrators to account.”

James Carder, chief security officer and vice president at security intelligence company LogRhythm Inc., told SiliconANGLE that “securing COVID-19 research centers has become crucial since they’re a target for nation-state hackers seeking to benefit from the pandemic.

“Just this past May, the FBI issued a warning that Chinese hackers have attempted to steal U.S. coronavirus vaccine information,” Carder said. “For years, China and Russia have stolen research and other types of valuable data to further their own advancements, and it is clear that cybercriminals adapt and change to what is most important to their government. In this case, being the first country to develop a vaccine would result in not only the protection of their people but also a political and economic advantage.”

Richard Cassidy, senior director, security strategy at security management platform provider Exabeam Inc., noted that the recent rise in geopolitical tensions is no surprise.

“Healthcare has always been a prime target for nation-states, and malicious actors are well-equipped to hunt for valuable intellectual property related to vaccines and research,” Cassidy explained. “Ransomware and phishing have been the tools of choice for cybercriminals for many years and are still being leveraged by nation-state groups. We’ve already seen how these attacks can bring the U.K. National Health Service to its knees very quickly. This is something we cannot afford to happen again — particularly under the current circumstances.”

Photo: Pixabay
