Cozy Bear: The Russian hacking group trying to steal the UK's coronavirus vaccine

Established cyber criminals also known as APT29 were involved in obtaining and disseminating US Democrat emails in 2016, but in recent months their activities have been overwhelmingly focused on Covid-19 research

Kim Sengupta
Defence Editor
Thursday 16 July 2020 18:25 EDT

The hacking of British research into a coronavirus vaccine was allegedly carried out by a Russian cyber group which was also involved in stealing and disseminating information from Democratic Party computers in the run-up to the 2016 US election which put Donald Trump in the White House.

The group APT29, also known as Cozy Bears, was named by the UK’s National Cyber Security Centre (NCSC) as being behind the targeting of British, American and Canadian organisations involved in missions to find a counter to the pandemic.

Scientists at Oxford University and London’s Imperial College are at present leading the research into finding a vaccine for Covid-19 and the UK has recently been earmarked, say security officials, for attacks by groups connected to the Kremlin.

Cozy Bear, linked to the Russian intelligence service FSB as well as the military intelligence arm GRU, is said to have developed new types of malware packages for attacks codenamed “Operation Ghost” by western security officials. Their targets in the US have included the Pentagon and the State Department during the Obama administration, and Norwegian and Dutch ministries in 2017.

The group’s activities in recent months have been devoted to research into coronavirus, according to security officials. The NCSC, which is part of GCHQ, the British government’s communications headquarters, has previously warned of advanced persistent threat (APT) hackers carrying out attacks related to coronavirus both in Britain and abroad.

The UK became linked to the hacking of the Democratic Party emails with claims that Julian Assange, then seeking refuge in the Ecuadorian embassy in London, worked with the Russians to make them public, an act which greatly damaged Hillary Clinton’s campaign and helped that of Mr Trump. Mr Assange has denied the accusations.

Roger Stone – who it was said by special counsel Robert Mueller’s investigation into Russian interference into the US election had been in liaison with Mr Assange – last week had his prison sentence commuted by Mr Trump. Mr Assange remains incarcerated at the maximum security Belmarsh prison, facing extradition to the US and a possible 150-year sentence on separate charges of hacking Pentagon computers.

Meanwhile, the threat of illicit attacks on Covid-19 related matters is likely to continue, says the NCSC. The Cyber Centre said that it was 95 per cent sure that APT29 is part of Russian intelligence services, an assessment supported by the Canadian Communication Security Establishment, the US Department for Homeland Security, the Cybersecurity Infrastructure Security Agency, and the National Security Agency (NSA).

The NCSC concluded in a report: “APT29 is likely to continue to target organisations involved in Covid-19 vaccine research and development, as they seek to answer additional intelligence questions relating to the pandemic.”

Paul Chichester, NCSC director of operations, said: “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic. Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.”

Dominic Raab, the foreign secretary, declared that it was “completely unacceptable” for Russian intelligence services to target research on the Covid-19 pandemic.

He said: “While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health. The UK will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account.”

In the US, Anne Neuberger, the director of cyber security at the NSA, said: “We, along with our partners, remain steadfast in our commitment to protecting national security by collectively issuing this critical cyber security advisory as foreign actors continue to take advantage of the ongoing Covid-19 pandemic. APT29 has a long history of targeting governmental, diplomatic, think-tank, healthcare and energy organisations for intelligence gain so we encourage everyone to take this threat seriously and apply the mitigations issued in the advisory.”

In Moscow, Russian government spokesman Dmitry Peskov insisted: “We do not have information about who may have hacked into pharmaceutical companies and research centres in Great Britain. We can say one thing – Russia has nothing at all to do with these attempts. We do not accept such accusations.”
