Russian cyber spies are targeting organizations working to develop a coronavirus vaccine in the U.S., U.K. and Canada according to a July 16 warning that detailed activity by Russian hacking group APT29, also known as "the Dukes" and "Cozy Bear."
An advisory published by the U.K. National Cyber Security Centre (NCSC) detailed Russian hackers’ efforts to target vaccine research and development organizations and stated they “almost certainly operated as part of Russian intelligence services.” It also stated that research had not been hindered.
Cybersecurity and privacy expert Mike Chapple, teaching professor of IT, Analytics, and Operations at the University of Notre Dame’s Mendoza College of Business, said "Cozy Bear” is a well-known cybersecurity threat that has been actively attacking targets of the Russian government for at least six years.
“This is the same group believed to be behind the 2016 attack against the Democratic National Committee and more recent attacks against targets in the United States, Norway and The Netherlands,” said Chapple, a former computer scientist with the National Security Agency and former Air Force intelligence officer.
Chapple notes there are striking details in this particular string of attacks.
“First, the attacks demonstrate that the Russian government has a clear interest in stealing intellectual property from organizations engaged in coronavirus research efforts,” he said. “Second, the international intelligence community is united in their assessment of this threat. The report was issued by the United Kingdom’s National Cyber Security Centre, but the contents were endorsed by the National Security Agency and Department of Homeland Security in the United States as well as the Canadian government. Third, the attackers used a wide range of sophisticated techniques to carry out their attacks. They used the same type of social engineering attacks used to target Twitter employees in yesterday’s breach, but also scanned systems at their target organizations for vulnerabilities and used custom-developed malicious software to exploit the vulnerable systems that they discovered.”
Fortunately, Chapple points out, the motives of the attackers appear to be limited to stealing information, rather than hindering coronavirus research efforts.
“Firms engaged in COVID-19 research certainly have a lot to lose from a financial perspective,” he said, “but it’s unlikely that these attacks will hinder international research efforts."
Contact: Mike Chapple, mchapple@nd.edu