Russian spies try to steal British scientists’ coronavirus vaccine in cyber hacking attack

We will use your email address only for sending you newsletters. Please see our Privacy Notice for details of your data protection rights.

In an act Prime Minister Boris Johnson called despicable, a Russian group attacked databases to snatch developments to beat the virus. Cyber security experts believe they probably succeeded and one warned that the Kremlin-backed hackers will “keep on coming”. The attacks are thought to be part of a drive by Putin’s spies to ensure Russia could match the West in the hunt for a vaccine. The Government said other Russian “actors” meddled in last year’s general election by spreading leaked Whitehall documents on social media.

The hacking attempt on Britain, revealed by the National Cyber Security Centre, sparked a huge diplomatic row yesterday. Foreign Secretary Dominic Raab said: “It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic.

“While others pursue their selfish interests with reckless behaviour the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.

“The UK will continue to counter those conducting such cyber attacks and work with our allies to hold perpetrators to account.”

Mr Johnson’s spokesman said: “The attacks which are taking place against scientists and others doing vital work to combat coronavirus are despicable.

“Working with our allies, we will call out those who seek to do us harm in cyberspace and hold them to account.”

Pharmaceutical research organisations in the UK, US and Canada were targeted in the criminal operation, a report by the security centre said.

It said the group called APT29, also known as “the Dukes’ or “Cozy Bear”, almost certainly operate as part of the Russian Intelligence Services.

The centre accused APT29 of carrying out a campaign of “malicious activity” against Western governments, diplomats, think-tanks, healthcare organisations and energy firms to steal valuable intellectual property.

Centre director Paul Chichester said: “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.

“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.

“We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.”

APT29, which stands for Advanced Persistent Threats, uses a variety of hacking techniques including spear-phishing – sending emails from a known or trusted sender to induce people to reveal confidential information.

Custom-made malware known as WellMess and WellMail allows hackers to run remote commands once they are installed on a compromised system. The security centre report said: “Throughout 2020 APT29 has targeted various organisations involved in Covid-19 vaccine development in Canada, the US and the UK, highly likely with the intention of stealing information and intellectual property relating to the development and testing of Covid-19 vaccines.

“APT29 is likely to continue to target organisations involved in Covid-19 vaccine research and development as they seek to answer additional intelligence questions relating to the pandemic.” Experts have been tracking APT29 for many years but yesterday was the first time officials linked it publicly to Russian intelligence. Russia denied the snooping claims.

Kremlin spokesman Dmitry Peskov said yesterday his country “had nothing to do” with the hacking and the claims were not backed by “proper evidence”.

Relations between London and the Kremlin are already at a low ebb after the Salisbury attack two years ago, aimed at killing double agent Sergei Skripal with Sovietera nerve agent Novichok. Russia is currently battling one of the world’s worst coronavirus outbreaks, notching up 752,797 cases, the fourth highest globally.

Dr Duncan Hodges, senior lecturer in cyberspace operations at Cranfield University, Beds, said: “I’d be incredibly surprised if Russia hadn’t had some success in these attacks.

“The reason they keep on using these tools and techniques is because they are incredibly successful in carrying them out.

“At a time when people’s attention is rightly focused on developing a life-saving vaccine, cyber security tends to take a lower priority for individuals, who overlook their basic security practices.

“This increase in vulnerability is what Russia thrives on to conduct its information operations.”

He warned: “As long as Russia keeps having success with these methods and continues to be unafraid of being caught these attacks will keep on coming.”

Shadow foreign secretary Lisa Nandy said: “The reported actions of the Russian Intelligence Services are wrong and should be condemned.” Ms Nandy urged the Government to release a longdelayed report by Parliament’s Intelligence and Security Committee into alleged Russian interference in UK politics, including the 2016 EU referendum.

The report is expected to be published next week.

It follows confirmation earlier this week of the new committee membership for the current parliamentary term.

Analysis by John Ingham, Daily Express Defence Editor

Security chiefs on both sides of the Atlantic yesterday lifted the lid on a shadowy world that shows the Cold War is alive and well under Russian President Vladimir Putin.

A sinister group, thought to be approved at the highest level in Russia, has taken industrial espionage to a new level by trying to steal the secrets of Britain’s world-leading research to find a vaccine for Covid-19.

Known by several names, including The Duke and the innocent-sounding Cozy Bear, its business is gaining intelligence for the Kremlin and destabilising enemies.

That it is also accused of meddling in last year’s UK general election is hardly a surprise.

Cozy Bear targets valuable organisations, searching for weaknesses in the software that will give them access to data.

Britain and its Allies are almost certainly doing much the same thing to the Russians. There is a permanent cyber war raging in the shadows.

Russia, of course, denies any involvement with Cozy Bear. That is the beauty of cyber warfare. No matter how deep a state’s involvement, it is always deniable because the links are so difficult to prove.

It is also part of what the military calls “hybrid” warfare – conflict below the level that would normally trigger a conventional war.

This includes fake news, deploying sleeper agents and meddling in elections through online propaganda.

The darlings of hybrid warfare are computer experts. When they are backed by the intelligence services of a state obsessed with reclaiming its superpower status they are extremely dangerous.

It is why our military wants to spend more on cyber warfare and why defence chiefs are thinking about recruiting a new type of warrior who may never carry a gun – the hacker.

Source: Read Full Article