Russian cyber actors are targeting organizations involved in coronavirus vaccine development, according to UK security officials.
A UK National Cyber Security Centre (NCSC) advisory published Thursday details activity of a group known as APT29, also named “the Dukes” or “Cozy Bear”.
It said known targets of APT29 include UK, US and Canadian vaccine research and development organizations.
The NCSC, which is the UK’s lead technical authority on cyber security and part of the UK’s Government Communications Headquarters (GCHQ), assessed that APT29 “almost certainly operate as part of Russian Intelligence Services”.
This assessment is also supported by partners at the Canadian Communications Security Establishment (CSE), the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), the NCSC said.
“APT29’s campaign of malicious activity is ongoing, predominantly against government, diplomatic, think-tank, healthcare and energy targets to steal valuable intellectual property,” according to a news release.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” NCSC Director of Operations, Paul Chichester, said in a statement.
The press release said the NCSC has previously warned that Advanced Persistent Threat (APT) groups have been targeting organizations involved in both national and international Covid-19 responses.
APT29 uses a variety of tools and techniques, including spear-phishing and custom malware known as “WellMess” and “WellMail”, according to the NCSC.
The report concluded that: “APT29 is likely to continue to target organisations involved in COVID-19 vaccine research and development, as they seek to answer additional intelligence questions relating to the pandemic.”