Russian Hackers Seek to Heist COVID-19 Vaccine Research, Western Nations Claim

Three Western governments have accused Russian cyber operatives of attempting to steal coronavirus (COVID-19) vaccine research, emphasizing the pandemic’s potential to exacerbate global political tension in the race to derail the virus. Russia has denied the claims.

American, British and Canadian national security officials accused the notorious, Kremlin-linked cyber crew Cozy Bear, also known as APT29 and, in some circles, The Dukes or CozyDuke, of seeking intelligence and supply chain information from research facilities and healthcare organizations engaged in vaccine development, multiple reports said. It’s the same gang that broke into the Democratic National Committee’s servers, beginning in 2015, and meddled with the 2016 U.S. Presidential election.

It should come as no surprise that polished state-backed hacking groups, Russian cyber bad actors in particular, are going after intellectual property on vaccine development. Organizations researching potential drugs to treat or vaccinate against COVID-19 are now more in the public eye, making them a mark, FBI officials have previously said. A number of examples have surfaced in the last two months. For example, in March, ransomware hackers hit 10x Genomics, a Pleasanton, California-based biotechnology research outfit working to understand the human body’s immune response in order to speed development of a COVID-19 vaccine.

“We certainly have seen reconnaissance activity, and some intrusions, into some of those institutions, especially those that have publicly identified themselves as working on COVID-related research,” an FBI cybersecurity agent said at the time. While it’s not uncommon for nation state hackers to target the biopharmaceutical industry, “it’s certainly heightened during this crisis,” the FBI official said.

Russian motivation in the alleged cyber probing scheme, which experts said sprang from a phishing campaign, may be tied more to developing its own vaccine than to straight-up espionage, reports said. Russia is believed to fear reliance on Western countries for a COVID-19 vaccine if and when one should pass human trials.

“Russia clearly doesn’t want to disrupt vaccine production, but they don’t want to be dependent on the U.S. or the U.K. for production and discovery of the vaccine,” Robert Hannigan, who formerly headed the British intelligence agency, told The New York Times. “It is not impossible to think Kremlin pride is such that they don’t want that to happen.”

Government officials from all three nations declined to identify the research firms targeted in the cyber attacks. However, according to Hannigan, the digital forays appear to have been directed at Oxford University in Britain and AstraZeneca, the British-Swedish pharmaceutical company, which have been jointly working on a vaccine, the NYT report said.

A spokesperson for Russian president Vladimir Putin reportedly told media outlets that the accusations were unacceptable. “Russia has nothing to do with these attempts,” he said.

The list of COVID-19-tied infiltrators is long. In mid-May, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warned Chinese government-backed hackers to lay off trying to steal COVID-19-related intellectual property and public health data from healthcare organizations and research organizations involved in vaccine development. At the same time, CISA and the United Kingdom’s National Cyber Security Centre (NCSC) warned that advanced persistent threat actors are probing for COVID-19 intellectual property, national and international healthcare policy and sensitive research data.

“We are seeing adversaries that are targeting our pharmaceutical companies, pharmaceutical research, laboratories, testing, and really out into the future manufacturing of the vaccine systems and the distribution of vaccines,” a CISA official said at the time.

A number of COVID-19-linked cyber attacks have hit federal agencies, including the World Health Organization (WHO) and the Department of Health and Human Services, in the past few months. For example, “hack-for-hire” cyber crews are ensnaring individuals in the U.S., the U.K., Bahrain, Canada, Cyprus, India and Slovenia with phishing email invitations to sign up for bogus COVID-19 notifications from the WHO.

In April, unknown hacktivists made public some 25,000 email credentials reportedly belonging to staffers at the National Institutes of Health (NIH), the WHO, the Gates Foundation and others battling COVID-19. And Iran-backed nation-state hackers tried to hijack the personal email accounts of a number of WHO staffers.

In late June, the FBI's Internet Crime Complaint Center said it had received some 20,000 COVID-19-related cybersecurity threats to date, exceeding what the unit saw for all types of internet fraud in 2019.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.