Hackers linked to Russia trying to steal UK's secret coronavirus vaccine research, Cyber Security Centre says
In joint announcement, UK, US and Canadian security agencies say Cozy Bear group operating as part of Russian intelligence
Hackers linked to Russia’s state intelligence are attempting to steal secret research on coronavirus vaccines from UK labs, the National Cyber Security Centre has said.
In a co-ordinated announcement with security agencies in the US and Canada, the NCSC pointed the finger at an established hacker group known as APT29, Cozy Bear or The Dukes.
And for the first time since the shady group’s existence became known, the allied agencies said that APT29 is “almost certainly” operating as part of Russian intelligence services. Although neither the NCSC nor the US National Security Agency explicitly accused president Vladimir Putin of ordering the group's activities, it is thought that there is awareness of its operations at the highest levels of the Russian administration.
It is believed that vaccine research facilities at Oxford University and Imperial College London are among institutions targeted by the hackers, who are thought to operate by exploiting weaknesses in VPN and external mail services used by researchers.
The attacks form part of a pattern which has seen both state and criminal organisations shift cyber activity to target potentially valuable intellectual property relating to vaccines and treatments for Covid-19 during the pandemic.
NCSC director of operations Paul Chichester said: “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.
“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.
“We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.”
Known targets of APT29 include UK, US and Canadian vaccine research and development organisations.
The group uses a variety of tools and techniques, including spear-phishing and custom malware known as “WellMess” and “WellMail”.
The campaign is not believed to be related to a separate attempt by unidentified “Russian actors” to interfere in December’s election by disseminating details of the government’s trade talks with the US, revealed by foreign secretary Dominic Raab today.
Speaking after the NCSC announcement, Mr Raab called for an end to cyber attacks by Russian intelligence services.
“It is completely unacceptable that the Russian intelligence services are targeting those working to combat the coronavirus pandemic,” said the foreign secretary.
“While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.
“The UK will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account.”
It is unclear whether hackers have been successful in obtaining any scientific information from UK labs in the attacks, which are still believed to be ongoing. The NCSC has not stated what level of success the group had achieved, saying that its purpose is to heighten awareness of the risk which it poses and the need to take protective measures.
But it is not thought that they have targeted the personal information of individuals working in the institutions.