In a new warning issued on Thursday, July 16, US, UK and Canadian security officials detailed how Russian cyber actors are targeting organizations involved in coronavirus vaccine development through a Russian hacking group called APT29, which also goes by the name “the Dukes” or “Cozy Bear.”
An advisory published by the UK National Cyber Security Centre (NCSC) details activity by the Russian hacking group and explicitly calls out efforts to target US, UK and Canadian vaccine research and development organizations.
“APT29’s campaign of malicious activity is ongoing, predominantly against government, diplomatic, think tank, healthcare and energy targets to steal valuable intellectual property,” a press release on the advisory said.
The latest advisory comes as the number of coronavirus cases in the US continues to surge while researchers try to develop a vaccine.
The Department of Health and Human Services, the US department in charge of the Centers for Disease Control and Prevention, has been hit by a surge of daily strikes, according to security officials, who blame Russia and China.
“The National Security Agency (NSA), along with our partners, remains steadfast in its commitment to protecting national security by collectively issuing this critical cybersecurity advisory as foreign actors continue to take advantage of the ongoing COVID-19 pandemic,” NSA Cybersecurity Director Anne Neuberger said in a statement after Thursday’s advisory was published.
“APT29 has a long history of targeting governmental, diplomatic, think tank, healthcare and energy organizations for intelligence gain so we encourage everyone to take this threat seriously and apply the mitigations issued in the advisory,” she said.
The NCSC, which is the UK’s lead technical authority on cyber security, assessed that APT29 “almost certainly operate as part of Russian Intelligence Services.”
This assessment is also supported by the Canadian Communications Security Establishment (CSE), the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), the NCSC said.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” NCSC Director of Operations, Paul Chichester, said in a statement.
“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.”