Russian Hackers Named ‘Cozy Bear’ Are Targeting COVID-19 Vaccines

  • A security organization in the U.K. says a group of Russian hackers is targeting research centers involved in COVID-19 (coronavirus) vaccine development.
  • The adversary group is using spear-phishing to target the research centers, a practice that uses deception to get victims to click on links with hidden malware.
  • These attacks come at a time when U.S.- and U.K.-based organizations have begun seeing promising results from preliminary vaccine experiments.

Russian hackers are targeting research centers that are involved in the development of a vaccine for the COVID-19 (coronavirus) pandemic, according to a U.K.-based government security organization.

In an advisory, the National Cyber Security Centre (NCSC) says a group of Russian adversaries called “APT29,” a.k.a. “the Dukes” or “Cozy Bear,” is running a campaign of malicious activity.

According to the advisory, Cozy Bear is targeting U.K.-, U.S.-, and Canada-based vaccine research and development organizations. The U.S. National Security Agency (NSA) and Canada’s Communications Security Establishment have confirmed the report.

The threats come as vaccine studies in the U.S. and U.K. have turned up promising results. Last week, for example, the Massachusetts-based biotechnology firm Moderna published data that suggests early-stage trials of its experimental shot are working. Patients who were injected with the vaccine had more neutralizing antibodies than even most people who have recovered from COVID-19. Moderna detailed those results in the New England Journal of Medicine.

Dmitry Peskov, a spokesperson for the Kremlin, told the Russian news agency RIA-Novosti that Russia had “nothing to do” with the COVID-19-related hacking attacks. “We do not have information regarding who could have hacked pharmaceutical companies and research centers in the UK,” he said. “We can say one thing—Russia has nothing to do with these attempts.”

Based on Cozy Bear’s past, organizations should take the threat seriously, said Anne Neuberger, cybersecurity director for the NSA, in a statement. Experts believe Cozy Bear is one of the two Russian hacking groups that gained access to the Democratic National Committee’s internal systems prior to the 2016 U.S. Presidential election, according to CNN.

Cozy Bear’s tools include spear-phishing and custom malware known as “WellMess” and “WellMail.”

Spear-phishing occurs when a target receives an email that looks like it’s coming from a trustworthy source but is actually from a bad actor, according to the cybersecurity firm Kaspersky. Sometimes the emails are crafted to seem urgent and to come from important sources. For example, the U.S. Federal Bureau of Investigation has previously warned the public about spear-phishing attacks that look like they come from the National Center for Missing and Exploited Children.

The links inside the spear-phishing emails often redirect users to a website full of malware, meaning software written with the express intent to damage devices or steal data. Malware can take the form of computer viruses, Trojans (malicious programs disguised as legitimate software), spyware (programs that covertly transmit data from the target computer), and ransomware (programs that demand a ransom to unlock your device).

“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” Paul Chichester, director of operations for NCSC, said in the organization’s statement. “Our top priority at this time is to protect the health sector.”