Industry-Sponsored Research Week

Russia is accused of hacking into coronavirus vaccine research


By David Schwartz
Published: July 21st, 2020

The U.S., UK, and Canadian governments last week accused a sophisticated Russia-backed hacking group of trying to steal research data and IP related to coronavirus vaccine development, calling out the Kremlin in an unusual public warning to scientists and medical companies.

They alleged that the hacking group APT29, also known as Cozy Bear, is attacking academic and pharmaceutical company research into a potential COVID-19 vaccine. The alleged culprit is the same group implicated in the hacking of Democratic e-mail accounts during the 2016 U.S. presidential election.

It is still unclear whether any useful information was stolen. Similar allegations have been made in the past against Russia, China, and other bad actors, but the latest warning was remarkable for its level of detail, naming the hacking group and specifying the software vulnerabilities the hackers have been exploiting.

Also, Russian cyberattacks strike a particular nerve in the U.S. given the Kremlin’s sophisticated campaign to influence the 2016 presidential election. And the coordination of the new warning across continents seemed designed to add heft and gravity to the announcement and to prompt the Western targets of the hackers to protect themselves. John Hultquist, senior director of analysis at Mandiant Threat Intelligence, said the report warning of the hacking efforts “is full of specific operational information that defenders can use” to protect their networks.

Russia has denied involvement in the hacks.

The U.S. Department of Homeland Security’s cybersecurity agency had previously warned that cybercriminals were targeting COVID-19 research, noting that the increase in people teleworking due to the pandemic had created potential avenues for hackers to exploit. Profit-motivated criminals have exploited the situation, and so have foreign governments “who also have their own urgent demands for information about the pandemic and about things like vaccine research,” said Tonya Ugoretz, a deputy assistant director in the FBI’s cyber division.

The alert did not name the targeted organizations or say how many labs and companies were affected. But it did say the goal was to steal information and intellectual property related to vaccine development. A 16-page advisory accuses Cozy Bear of using malware programs called WellMess and WellMail. “[T]he group conducted basic vulnerability scanning against specific external IP addresses owned by the organizations. The group then deployed public exploits against the vulnerable services identified,” the advisory said.

Source: AP News

Posted under: University-Industry Engagement Week

Twitter Facebook Linkedin Pinterest Email

No Comments so far ↓

There are no comments yet...Kick things off by filling out the form below.

Leave a Comment