"LONDON/OTTAWA (Reuters) - Hackers backed by the Russian state are trying to steal COVID-19 vaccine and treatment research from academic and pharmaceutical institutions around the world, Britain’s National Cyber Security Centre (NCSC) said last Thursday.
A co-ordinated statement from Britain, the United States and Canada attributed the attacks to group APT29, also known as Cozy Bear, which they said was almost certainly operating as part of Russian intelligence services.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” said NCSC Director of Operations Paul Chichester.
Cybersecurity researchers said an APT29 hacking tool was used against clients located in United States, Japan, China and Africa over the last year.
Russian news agency RIA cited spokesman Dmitry Peskov as saying the Kremlin rejected London’s allegations, which he said were not backed by proper evidence.
The U.S. Department of Homeland Security and U.S. Cyber Command also released technical information on Thursday about three hacking tools being deployed by the Russian hackers, codenamed WELLMAIL, SOREFANG and WELLMESS.
Private sector cybersecurity researchers who had spotted the WELLMESS malware over the last year were unaware of its Russian origins until Thursday.
In several cases, WELLMESS was found within U.S. pharmaceutical companies, said three investigators familiar with the matter, who spoke on condition of anonymity to discuss confidential information. The tool allowed the hackers to stealthily gain remote access to secure computers. They declined to name the victims."