A report published by the UK’s National Cyber Security Centre (NCSC) describes the activities of the Russian hacking group in detail and explicitly calls out its efforts to target vaccine research and development organizations in the USA, Great Britain and Canada.
“APT29’s campaign of malicious activity continues, particularly against government, diplomatic, think tank, health, and energy goals to steal valuable intellectual property,” the report said in a press release.
Cozy Bear is one of two hacking groups linked to Russian intelligence that are believed to have accessed the internal systems of the Democratic National Committee prior to the 2016 US election. However, Thursday
The U.S., UK and Canadian authorities have issued several warnings about government-sponsored cyber attacks against organizations that have been involved in the coronavirus response in recent months.
In April, CNN also reported a growing wave of cyberattacks from nation states and criminal groups against U.S. government agencies and medical institutions leading the pandemic response.
Hospitals, research laboratories, healthcare providers and pharmaceutical companies were affected.
The Department of Health and Human Services, which oversees the Centers for Disease Control and Prevention, has also been hit by a flood of daily strikes. An official with direct knowledge of the attacks previously told CNN that Russia and China were the main culprits.
“The National Security Agency (NSA) and our partners remain committed to protecting national security by jointly issuing this important cybersecurity recommendation as foreign actors continue to benefit from the ongoing COVID-19 pandemic,” NSA Director of Cyber Security Anne Neuberger said in a statement on Thursday.
“APT29 has a long tradition of targeting government, diplomats, think tanks, health and energy organizations to gather information. We therefore encourage everyone to take this threat seriously and to apply the mitigations identified in the report,” she said.
The NCSC, the UK’s leading cybersecurity agency and part of the British Government Communications Headquarters (GCHQ), rated APT29 as “almost certainly part of Russian intelligence”.
This assessment is also supported by partners from Canada’s Communications Security Establishment (CSE), the Cybersecurity and Infrastructure Security Agency (CISA) of the United States Department of Homeland Security (DHS) and the National Security Agency (NSA), according to the NCSC.
“We condemn these despicable attacks against those who are doing important work to fight the coronavirus pandemic,” said Paul Chichester, Director of Operations at NCSC, in a statement. “Working with our allies, the NCSC is committed to protecting our most important assets. At the moment, protecting the health sector is a top priority.”
The press release states that the NCSC previously warned that advanced persistent threat (APT) groups are targeting organizations involved in both national and international Covid-19 responses.
APT29 uses a variety of tools and techniques, including spear phishing and custom malware, known by the NCSC as “WellMess” and “WellMail”.
The report concluded: “APT29 is likely to continue to target organizations involved in the research and development of COVID-19 vaccines as they attempt to answer additional intelligence-related issues related to the pandemic.”