Russian hackers try to steal coronavirus vaccine research

WASHINGTON – Russian hackers are trying to steal coronavirus vaccine research, the US, UK and Canadian governments said Thursday, accusing the Kremlin of opening a new front in its spy battles with the West amid global competition to contain the pandemic.
The National Security Agency said a hacking group involved in the 2016 Democratic Party server break-ins attempted to steal information about vaccines from universities, businesses and other health care organizations. The group, associated with the Russian Secret Service and known as APT29 and Cozy Bear, sought to exploit the chaos created by the coronavirus pandemic, officials said.
U.S. intelligence officials have said the Russians are aiming to steal research to develop their own vaccine faster, not to sabotage the efforts of other countries. There was likely little immediate damage to global public health, cybersecurity experts said.
Russian espionage nonetheless signals a new kind of competition between Moscow and Washington akin to Cold War spies stealing technological secrets during the space race generations ago.
Russian hackers have targeted UK, Canadian and US organizations using malware and sending fraudulent emails in an attempt to trick their employees into handing over passwords and other security credentials, all for the purpose of accessing vaccine research as well as information on medical supply chains.
The accusations against Russia were also the latest example of a growing willingness in recent months by the United States and its closest intelligence allies to publicly accuse foreign adversaries of violations and cyber attacks. The US government has already warned of efforts by China and Iran to steal vaccine research.
Attributing such attacks is imprecise, however, an ambiguity which Moscow takes advantage of to deny responsibility, as it did on Thursday.
Still, government officials, as well as outside experts, have expressed confidence that Cozy Bear, controlled by Russia’s elite intelligence agency SVR, was responsible for the attempts to break into research on the virus vaccine.
“We condemn these vile attacks on those doing vital work to combat the coronavirus pandemic,” said Paul Chichester, director of operations at Britain’s National Cyber Security Center.
The head of the center, Ciaran Martin, told NBC News that the cyber attacks were first detected in February and that no evidence had emerged that any data had been stolen.
Government officials have not identified the victims of the hacks. But the main target of the attacks appears to be the University of Oxford in Britain and the Anglo-Swedish pharmaceutical company AstraZeneca, which have jointly worked on a vaccine, said Robert Hannigan, the former head of GCHQ, the British intelligence agency.
Scientists at Oxford said Thursday they noticed a startling resemblance between their vaccine approach and the work the Russian scientists had reported.
While Russia may seek to steal the vaccine data to bolster its own research, it may also try to avoid relying on Western countries for any possible coronavirus vaccine.
While AstraZeneca has announced that it will make the Oxford vaccine available at cost, governments and philanthropic organizations have paid the company huge sums to secure their place in the queue, even without any guarantee that it will work. The United States has said it will pay up to $1.2 billion to AstraZeneca to fund a clinical trial and secure 300 million doses. Russia could end up at the back of the pack if the vaccine proves effective.
“Russia clearly does not want to disrupt vaccine production, but it does not want to depend on the United States or the United Kingdom for the production and discovery of the vaccine,” said Hannigan, now an executive at the cybersecurity company BlueVoyant. “It is not impossible to think that the pride of the Kremlin is such that they do not want this to happen.”
An intense international race is underway to develop a vaccine against the coronavirus, which has already killed 580,000 people and turned everyday life around the world upside down. More than 155 vaccines are in development, 23 of which have been tested in humans.
Some vaccines work by modifying another common virus to mimic the coronavirus in order to trigger an immune response without making people sick. Research by Oxford and AstraZeneca is based on one of these pathogens, a chimpanzee adenovirus. The Russian Ministry of Health is trying to use two more adenoviruses but is not as far along in its tests as researchers at Oxford.
Some officials have suggested that the Russian attacks were not successful, but that they were widespread enough to warrant a coordinated international warning.
Intelligence services around the world have stepped up their focus on information surrounding the virus. FBI Director Christopher A. Wray accused China last week of “working to compromise American health organizations” conducting research on Covid-19.
“Russia is not alone,” said John Hultquist, senior director of intelligence analysis at FireEye, a Silicon Valley cybersecurity firm. “A lot of people are in this game even though they haven’t been called up yet. The whole pandemic is absolutely riddled with spies.”
Chinese government hackers have long focused on stealing intellectual property and technology. Russia has aimed much of its recent cyberespionage, such as electoral interference, at weakening its geopolitical rivals and strengthening its influence.
“China is more notorious for hacking than Russia, which of course is better known for using hacks for disruption and chaos,” said Laura Rosenberger, a former Obama administration official who now heads the Alliance for the Security of Democracy. “But there’s no question that whoever gets a vaccine first thinks they’ll have a geopolitical advantage, and that’s something I would expect Russia to want.”
Yet a Russian intrusion could inadvertently damage some vaccine data, and additional security protocols to protect against future cyber attacks could place a burden on researchers. Private companies are more at risk than the public, said Mike Chapple, a former National Security Agency computer scientist who teaches cybersecurity at the University of Notre Dame.
“The potential harm here is limited to commercial harm, to companies that devote a large portion of their own resources to developing a vaccine in the hope that it will pay off in the long run,” he said.
The Kremlin mocked the announcements on Thursday, and Russian officials said they were unsure who might have hacked businesses or research centers in Britain. A Russian official said the accusation was an attempt to discredit Moscow’s own work on a vaccine.
Dmitry S. Peskov, spokesman for Russian President Vladimir V. Putin, told reporters the accusations were unacceptable. “Russia has nothing to do with these attempts,” he said.
Cozy Bear is one of the best-known and most successful hacking groups associated with the Russian government. It was involved alongside the group Fancy Bear in the 2016 hack of the Democratic National Committee. Although Cozy Bear is believed to have hacked into the committee’s computers, it played no known role in posting stolen Democratic emails.
Cozy Bear “has a long history of targeting government, diplomatic, think tank, health care and energy organizations for intelligence, so we encourage everyone to take this threat seriously,” said Anne Neuberger, Director of Cyber Security for the National Security Agency.
The malware Cozy Bear used to steal the vaccine research included code known as “WellMess” and “WellMail”. The Russian group had never used this malware before, according to British officials.
But US experts say the tactics used to try to gain access to vaccine data bear all the hallmarks of Russian intelligence officials. And US officials said they were confident in attributing the attacks to the Russian hacking group.
The US, UK and Canadian governments have said Cozy Bear used recently publicized weak points in computer networks to gain a foothold. If organizations do not immediately correct a vulnerability identified by a software vendor, their networks can be exposed to hackers.
Once Cozy Bear hackers exploit these vulnerabilities to gain access to a computer system, they create legitimate credentials to maintain access even after the hole has been patched.
While different Russian hacking groups often share similar targets, they are led by different intelligence agencies for different purposes.
Cozy Bear hackers seek out information but generally do not release it publicly, according to the government and outside experts. Fancy Bear, which works for Russian military intelligence and is also known as APT28, will often publish the information it steals.
Cozy Bear’s ties are with the SVR, the Russian equivalent of the CIA, according to current and former officials. Unlike other Russian hackers, Cozy Bear’s operations are sophisticated, stealthy, and difficult to detect.
“Their job is to collect intelligence the old-fashioned and silent way,” said Hultquist, the cybersecurity analyst.
Reporting was contributed by Nicole Perlroth from San Francisco, David D. Kirkpatrick and Stephen Castle from London, Andrew Higgins from Moscow and Charlie Savage from Washington.