WASHINGTON — Russian hackers, opening a dangerous new front in intelligence battles, are attempting to steal coronavirus vaccine research, the American, British and Canadian governments said Thursday.
The National Security Agency said that a hacking group implicated in the break-ins into Democratic Party servers in 2016 has been trying to steal intelligence on vaccines from health care organizations. The group, known as both APT29 and Cozy Bear and associated with Russian intelligence, has sought to exploit the chaos created by the coronavirus pandemic, officials said.
The Russian hackers have targeted British, Canadian and American organizations using malware and sending fraudulent emails to try to trick people into turning over passwords and other security credentials, all in an effort to access the research as well as information about medical supply chains.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” said Paul Chichester, the director of operations for Britain’s National Cyber Security Center.
The Russians are not alone in trying to steal vaccine information from the United States and other countries. The U.S. government has previously warned about efforts by China and Iran to steal vaccine research.
There was likely little immediate damage to global public health, said Mike Chapple, an associate professor who teaches cybersecurity at the University of Notre Dame and a former National Security Agency computer scientist.
“The potential harm here is limited to commercial harm, to companies that are devoting a lot of their own resources into developing a vaccine in hopes it will be financially rewarding down the road,” he said.
Cozy Bear is one of the highest profile, and most successful, hacking groups associated with the Russian government. It was blamed alongside the group Fancy Bear in the 2016 hacking of the Democratic National Committee.
“APT29 has a long history of targeting governmental, diplomatic, think-tank, health care and energy organizations for intelligence gain, so we encourage everyone to take this threat seriously,” said Anne Neuberger, the National Security Agency’s cybersecurity director.
While the ties between Cozy Bear and Russian spy services are not always clear, the National Security Agency called Cozy Bear a Russian intelligence group on Thursday and the British government said that the hackers are almost certainly part of the Russian intelligence services.
The American government did not say how much vaccine information the Russian group has stolen, or what damage to research efforts the hacking may have caused. Some officials suggested the attacks have not been hugely successful, but are widespread enough to warrant a coordinated international warning.
The three governments’ cyberdefense arms published advisories aimed at helping health care organizations bolster their computer network defense.
The National Security Agency and the British cybersecurity center declined to identify victims of the hacks, although academic organizations and labs doing vaccine research appear to have been their focus. Imperial College London, which has taken a leading role in Covid-19 research, issued a statement saying it takes appropriate security measures and has “benefited from government advice” to provide extra protection for its vaccine work.
The malware used by Cozy Bear to steal the vaccine research included code known as “WellMess” and “WellMail.”
The Russian group has not previously used that malware, according to British officials. But American officials said they were confident in attributing the attacks to the Russian hacking group.
American officials declined to comment on the precise intent of the Cozy Bear hack.
Dmitri S. Peskov, the spokesman for President Vladimir V. Putin of Russia, said on Thursday that Russia has no knowledge of or involvement in attempts by hackers to steal coronavirus vaccine research in the United Kingdom.
“We do not have any information about who might break into pharmaceutical companies and research centers in Great Britain,” Mr. Peskov told RIA-Novosti, a state news agency. “We can say only that Russia has nothing to do with these attempts.”
Outside experts said it appeared that the Russians were simply copying information, not trying to damage the research organizations.
“It wouldn’t surprise me if intelligence services of all nations are doing this same kind of thing and using the information to advance their research against coronavirus,” said Mr. Chapple.
The three governments said Cozy Bear used recently published exploits to gain a foothold. If organizations do not immediately patch a vulnerability after a software company makes it public alongside a fix, corporate networks can be vulnerable.
Once Cozy Bear uses the malware to get access, the group creates legitimate credentials to maintain access to a system even after that system is patched.
Reporting was contributed by David D. Kirkpatrick and Stephen Castle from London and Andrew Higgins from Moscow.