Intelligence agencies warn of cyber espionage against COVID-19 R&D
Hackers working for Russian intelligence services are targeting COVID-19 vaccine R&D in the U.S., Canada and the U.K., according to a report released Thursday by the U.K.’s National Cyber Security Centre and Canada’s Communications Security Establishment. The report states that the National Security Agency in the U.S. agrees with the “attribution and details,” and the Department of Homeland Security “endorses the technical detail and mitigation advice” provided in the advisory.
APT29, also known as “the Dukes” or “Cozy Bear,” a cyber espionage group affiliated with Russian intelligence, has conducted attacks targeting COVID-19 vaccine R&D using publicly known software vulnerabilities and spear-phishing attacks, according to the intelligence agencies. Spear-phishing involves sending customized emails with the goal of inducing targets to click through to websites that contain malware, or of obtaining their credentials.
The report contains examples of specific software vulnerabilities that APT29 has exploited to infiltrate the computer networks of organizations conducting COVID-19 vaccine R&D, as well as advice about how to detect and mitigate cyber intrusions.
In addition to warning about Russian cyber attacks on COVID-19 R&D, in May the FBI issued a similar advisory about “cyber actors and non-traditional collectors” affiliated with the Chinese government. The FBI reported Chinese attempts “to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research.”
Governments that have warned against Russian and Chinese COVID-19 cyber espionage have not disavowed the use of similar techniques to obtain information about COVID-19 R&D activities from other countries.