The UK, US and Canada have accused Russia of attempting to hack into ongoing research on the development and testing of a coronavirus vaccine.
In an alert issued on Thursday, the UK's National Cyber Security Centre (NCSC) said that the Russia-backed advanced persistent threat group APT29 is currently targeting British labs in efforts to "steal valuable intellectual property" on a Covid-19 vaccine.
The deadly Covid-19 virus has already killed more than 585,000 people worldwide, and all hopes have now turned to a vaccine to finally bring the onslaught to an end.
Britain is one of the few countries that have entered into the human trial phase for the vaccine. According to media reports, a vaccine being developed by the University of Oxford has shown potentially positive results.
The NCSC said that in the last six months, the APT29 group has specifically targeted biomedical research organisations using the 'WellMail' and 'WellMess' malware. The agency said that it was almost certain that APT29 is part of the Russian intelligence services and has been attacking research institutions with the intent of stealing information related to the development and testing of coronavirus vaccines.
The US and Canada, whose labs were also targeted by hackers, backed the agency's assessment.
APT29, also known as 'Cozy Bear' and 'the Dukes', has predominantly targeted diplomatic, governmental, energy, and healthcare organisations in recent years.
"The group frequently uses publicly available exploits to conduct widespread scanning and exploitation against vulnerable systems, likely in an effort to obtain authentication credentials to allow further access," NCSC said.
"This broad targeting potentially gives the group access to a large number of systems globally, many of which are unlikely to be of immediate intelligence value."
In recent attacks, APT29 conducted basic vulnerability scanning against specific external IP addresses owned by research organisations and then deployed public exploits against the vulnerable services identified, the British agency said.
The group is thought to have gained initial footholds using recently published exploits for vulnerabilities, such as (but not limited to):
- CVE-2019-19781 (Citrix)
- CVE-2018-13379 (FortiGate)
- CVE-2019-11510 (Pulse Secure)
- CVE-2019-9670 (Zimbra)
Britain's Foreign Secretary Dominic Raab described the targeting of the people working to discover a coronavirus vaccine as "completely unacceptable".
In a statement, Kremlin spokesman Dmitry Peskov rejected the accusations as "groundless".
"We do not have information about who may have hacked into pharmaceutical companies and research centres in Great Britain," Peskov said.
"We can say one thing - Russia has nothing at all to do with these attempts," he added.