16 Jul Coronavirus: Russian cyber spies attempting to steal vaccine research from Britain, US and Canada | Politics News
Russian cyber spies are trying to steal research into coronavirus vaccines and treatments from Britain, the US and Canada, the three countries claimed on Thursday.
The attack is ongoing, with British cyber experts working to defend research institutes, laboratories and other targets in the UK, according to a branch of the spy agency GCHQ.
Organisations in other countries involved in the fight against COVID-19 are also allegedly being targeted.
It came as:
- The government, in a separate development, revealed it had found Russian groups sought to interfere in last year’s general election through the promotion of leaked documents on a potential US-UK trade deal;
- Members of parliament’s Intelligence and Security Committee agreed to publish a long-awaited report into alleged Russian interference in UK politics within the next week.
The National Cyber Security Centre (NCSC) accused a group called APT29 – also known as “the Dukes” or “Cozy Bear” – for the attacks on coronavirus research facilities and said it “almost certainly operates as part of Russian intelligence services”.
APT stands for advanced persistent threats.
The NCSC, which has taken the lead on the Russian attribution, said this assessment is supported by its US and Canadian counterparts.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” Paul Chichester, the NCSC’s director of operations, said in a statement.
“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.
“We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.”
The NCSC, which is the lead organisation in responding to cyber attacks on the UK, released an advisory that set out details of how the Russian cyber spies are allegedly attempting to steal highly valuable research into treatments and vaccines for COVID-19.
Such information is regarded by all countries as an intelligence priority given the need to combat the pandemic.
The UK and the US warned in May that state-backed cyber attackers are trying to steal data from universities, pharmaceuticals and research institutes involved in the coronavirus response.
On that occasion, a joint advisory published did not name any specific country involved in the “malicious cyber campaigns”, but culprits are understood to include hacking groups from China, Russia and Iran, as well as others.
Russia has always denied allegations of cyber attacks.
This time around, the NCSC accused Russian cyber spies of using a variety of different techniques to access information, including spear-phishing and custom malware known as “WellMess” and “WellMail”.
Prime Minister Boris Johnson’s official spokesman said: “The attacks which are taking place against scientists and others doing vital work to combat coronavirus are despicable.
“Working with our allies, we will call out those who seek to do us harm in cyber space and hold them to account.”
Just hours earlier on Thursday, in a separate development, the UK government revealed Russian groups sought to interfere in last year’s general election through the promotion of leaked documents on a potential US-UK trade deal.
In a written statement to parliament, Foreign Secretary Dominic Raab revealed there is an ongoing criminal investigation into the issue.
He vowed the UK would “continue to call out and respond to malign activity, including any attempts to interfere in our democratic processes” and suggested the government could “respond with appropriate measures in the future”.
Leaked documents on a potential US-UK trade deal became a major debating point in last year’s general election campaign.
Then Labour leader Jeremy Corbyn used the official papers as evidence the NHS would be “on the table” in talks on a post-Brexit trade deal with America.
The documents were found on website Reddit, which said at the time it believed the leak was “part of a campaign that has been reported as originating from Russia”.
But Labour did not, at the time, comment on how it obtained the leaked documents.
In his statement on Thursday, Mr Raab said: “On the basis of extensive analysis, the government has concluded that it is almost certain that Russian actors sought to interfere in the 2019 general election through the online amplification of illicitly acquired and leaked government documents.
“Sensitive government documents relating to the UK-US Free Trade Agreement were illicitly acquired before the 2019 general election and disseminated online via the social media platform Reddit.
“When these gained no traction, further attempts were made to promote the illicitly acquired material online in the run up to the general election.
“Whilst there is no evidence of a broad spectrum Russian campaign against the general election, any attempt to interfere in our democratic processes is completely unacceptable.
“It is, and will always be, an absolute priority to protect our democracy and elections.”
The developments come ahead of the publication of a long-awaited report into alleged Russian interference in UK politics, which will be released by parliament’s Intelligence and Security Committee within the next week.
The prime minister’s spokesman said it was “nonsense” to suggest the NCSC accusations and Mr Raab’s statement on election interference were designed to deflect from the possible findings of the upcoming ISC report.