Kremlin-backed Cozy Bear hackers target UK coronavirus vaccine secrets
Kremlin-linked cyber criminals have been allegedly hacking universities and organisations developing coronavirus vaccines in an attempt to steal sensitive information, according to the UK’s cyber security body.
The hacking group known as APT29 – also known as Cozy Bear and The Dukes – has allegedly been trying to steal information across the globe from vaccine trials.
The National Cyber Security Centre (NCSC) put out a joint statement with partner organisations in the US and Canada, claiming that the hackers “almost certainly operate as part of Russian Intelligence Services”.
It comes just an hour after foreign secretary Dominic Raab announced that Russian hackers had also tried to interfere with the UK election by “amplifying” leaked documents that Labour released at a press conference on 27 November.
It is believed that the UK’s two coronavirus vaccine projects at Oxford University and Imperial College have likely been targets and the NCSC is currently working with them to be aware of future attacks.
APT-29 has also been targetting labs working on Covid-19 therapeutic treatments.
The NCSC and its partners are currently working under the assumption that the Russian government has commissioned the attack in an attempt to beat other countries to finding a Covid-19 vaccine.
City A.M. understands that the cyber security agency believes the information being collected would be provided to the very highest levels within the Kremlin.
NCSC director of operations Paul Chichester said: “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.
“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.
“We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.”
Responding to the news, Raab said: ““While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
The Prime Minister’s official spokesman added: “The attacks which are taking place against scientists and others doing vital work to combat coronavirus are despicable.
“Working with our allies, we will call out those who seek to do us harm in cyber space and hold them to account.”
The announcement coincides with several announcements about Russian interference in the UK.
Raab released a statement today confirming it is “almost certain that Russian actors sought to interfere in the 2019 general election through the online amplification” of confidential UK-US trade negotiation documents.
The government is not pinning blame on Russian actors for the release of the documents, but only for amplifying their existence online.
There has not been any suggestion that the actors are linked to the Russian state, however there is an active criminal investigation into the leak of the report.
Former Labour leader Jeremy Corbyn held a press conference on 27 November to widely release the documents, which he said showed the “NHS was for sale” in UK-US trade negotiations – a claim widely disputed.
This morning, it was announced by Westminster’s Intelligence and Security Committee that it would release its long-awaited report into Russian interference in UK politics next week.
The committee elected MP Julian Lewis as its chair last night, after he refused to vote for Downing Street’s candidate Chris Grayling.
Lewis promptly had the Tory party whip removed for the rebellion.
The Prime Minister’s spokesman said any suggestion that the release of the two Russia hacking stories today was to overshadow the release of a potentially embarrassing report was “nonsense”.
He said that the timing of the NCSC announcement was agreed with two other countries, the US and Canada, while news of the trade document leak could not be announced until the Intelligence and Security Committee had been formed.