Russia Accused of Stealing Western Coronavirus Research
By Jamie Dettmer July 16, 2020
U.S., British and Canadian officials accused the Kremlin Thursday of being behind a massive and ongoing cyber hack aimed at stealing from Western pharmaceutical companies and academic institutions doing research into coronavirus vaccines and treatment therapies.
In a joint statement, the governments of all three countries said the hacking operation started in February and has been unrelenting since.
Britain's National Cybersecurity Center, part of the country's eavesdropping agency, GCHQ, issued the statement, which was coordinated with counterparts in the U.S. and Canada. Officials identified the Russian hacking group APT29, also nicknamed Cozy Bear, as being behind the hacks.
"APT29 has a long history of targeting governmental, diplomatic, think tank, health care and energy organizations for intelligence gain, so we encourage everyone to take this threat seriously and apply the mitigations issued in the advisory," Anne Neuberger, cybersecurity director at the U.S.'s National Security Agency, said in a statement.
Paul Chichester, the National Cybersecurity Center's director of operations, said, "We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic."
Chichester said the Cozy Bear group "almost certainly operates as part of Russian intelligence services."
All three Western allies are working to try to protect coronavirus-related research and are issuing new cybersecurity advice to pharmaceutical firms, universities and other research institutes.
"We would urge organizations to familiarize themselves with the advice we have published to help defend their networks," Chichester added.
The three Western allies first warned in May that state-backed cyber spies were trying to steal coronavirus data, but they did not at that time identify who was behind the assault. Officials briefed reporters off the record that China, Russia and Iran were involved.
Cozy Bear, along with a cyber hacking group called Fancy Bear, have been accused by U.S. officials and private cybersecurity companies of hacking the U.S. Democratic Party in 2016 in the run-up to the presidential election.
The accusation about the Kremlin-sponsored cyberattacks came just minutes after Britain's Foreign Secretary Dominic Raab told lawmakers in the House of Commons that Russia had sought to meddle in last year's British general election.
Raab said it was "almost certain" that Russia attempted to influence the outcome of the election, after documents detailing Anglo-American free trade talks were "illicitly acquired."
The trade documents were placed online and were noticed by Britain's main opposition Labor Party and used in the election campaign to suggest the Conservatives would sign a post-Brexit trade deal with the U.S. that would be more favorable for U.S. businesses.
"On the basis of extensive analysis, the government has concluded that it is almost certain that Russian actors sought to interfere in the 2019 general election through the online amplification of illicitly acquired and leaked government documents," Raab said.
He added, "Sensitive government documents relating to the U.K.-U.S. free trade agreement were illicitly acquired before the 2019 general election and disseminated online via the social media platform Reddit. When these gained no traction, further attempts were made to promote the illicitly acquired material online in the run-up to the general election."
Raab said the British government "reserves the right to respond with appropriate measures in the future" – a sign that London is considering imposing additional sanctions on Russia, adding to those already introduced for Russia's annexation in 2014 of Ukraine's Crimea region and for a nerve agent attack in England targeting a Russian defector.
Russia's Foreign Ministry spokesperson Maria Zakharova said Raab's allegations about election meddling were vague.
"The statement is so foggy and contradictory that it's practically impossible to understand," she told reporters in Moscow.
Russian officials deny any involvement by the Russian state in coronavirus cyber hacking, saying Moscow's own vaccine plans are far advanced and claiming Russia could be the first country to roll out mass immunization.
"We have no information on who could have hacked the pharma companies and research centers in the UK. We can only say one thing – Russia has nothing to do with those attempts," Kremlin press secretary Dmitry Peskov told reporters in the Russian capital. "We reject these kind of accusations," he added.
Raab's accusations Thursday come ahead of the scheduled publication next week of a House of Commons report on alleged Russian interference in the general workings of British democracy. That report was completed in May 2018 but was delayed by the government, despite pressure from opposition parties that it be released ahead of last year's general election, in which Prime Minister Boris Johnson's Conservative Party won in a landslide victory.
U.S. authorities recently accused Chinese spies of trying to steal vaccine information. FBI Director Chris Wray last week said, "At this very moment, China is working to compromise American health care organizations, pharmaceutical companies, and academic institutions conducting essential COVID-19 research."
British officials say that the ongoing and highly targeted hacking operation by Cozy Bear has focused on facilities known to be working on coronavirus vaccines and treatments to overcome COVID-19, the disease caused by the coronavirus. British-based researchers at the University of Oxford and Imperial College London are believed to be among those targeted.
Britain's spy chiefs say the Russian hackers have been using several techniques to try to gain access to information, including spear-phishing and custom malware.
An official Downing Street spokesman said, "The attacks which are taking place against scientists and others doing vital work to combat coronavirus are despicable. Working with our allies, we will call out those who seek to do us harm in cyberspace and hold them to account."
Russian officials announced Thursday that Phase 2 trials of a Russian-made coronavirus vaccine will end on Aug. 3, to be followed immediately by a third phase.
"The third phase will not only take place in Russia, but also in a number of other countries," Kirill Dmitriev, head of the Russian Direct Investment Fund, told reporters during an online press conference.
"We expect to receive regulatory approval to start using the Russian vaccine in August-September," he added.
The vaccine was developed by Moscow's Gamalei Institute of Epidemiology, working with the country's Ministry of Defense.
VOA National Security Correspondent Jeff Seldin contributed to this report.
|Join the GlobalSecurity.org mailing list|