A hacking group believed to be operating as part of Russian intelligence services is targeting organisations involved in Covid-19 vaccine development, the US, British and Canadian governments said.
The threat group, known as APT29, has exploited organisations globally, the National Cyber Security Centre (NCSC) of the UK said in an advisory.
APT29, also known as “the Dukes” or “Cozy Bear”, uses a variety of tools and techniques, including spear-phishing and custom malware known as “WellMess” and “WellMail”, the NCSC said.
This assessment is also supported by partners at the Canadian Communications Security Establishment (CSE), the US Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA).
APT29’s campaign of malicious activity is ongoing, predominantly against government, diplomatic, think-tank, healthcare and energy targets to steal valuable intellectual property, the advisory said.
“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,” the UK Foreign Secretary, Dominic Raab, said in a statement.
“While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health,” the statement added.
The NCSC has previously warned that APT groups have been targeting organisations involved in both national and international Covid-19 responses.
Known targets of APT29 include UK, US and Canadian vaccine research and development organisations, the NCSC said.