Russian Cyber Espionage Group Targets CCP Virus Vaccine Development

July 16, 2020 Updated: July 20, 2020

A Russian cyber espionage group is “highly likely” to have been trying to steal information on CCP virus vaccines, the UK’s National Cyber Security Centre (NCSC) has said.

The NCSC on Thursday published an advisory report (pdf) detailing the recent tactics, techniques, and procedures that the Russian group APT29 has used to target various organisations.

Throughout 2020, it has targeted “COVID-19 vaccine development in Canada, the United States, and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines,” the report stated.

The report said the NCSC and Canada’s Communications Security Establishment (CSE) “assess that APT29 (also known as ‘the Dukes’ or ‘Cozy Bear’) is a cyber espionage group, almost certainly part of the Russian intelligence services,” and “the United States’ National Security Agency (NSA) agrees with this attribution and the details provided in this report.”

In a statement, Foreign Secretary Dominic Raab condemned the Russian cyber attacks.

“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,” he said.

“While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.”

The advisory report laid out the techniques used by APT29 to target think-tanks and governmental, healthcare, and energy organisations to obtain intelligence.

By exploiting existing vulnerabilities in IT systems, the group is able to gain access to specific target organisations. It can then establish persistent access to those systems and deploy malware such as WellMess and WellMail to carry out further operations on the compromised hosts.

The NCSC recommended that any organisation involved in vaccine research check its systems for signs of compromise and for unpatched vulnerabilities, to prevent the loss of sensitive information.