Russian state-backed hackers have attempted to steal knowledge about coronavirus vaccine development in Britain, the United States and Canada, Britain’s cybersecurity agency said on Thursday. The National Cyber Security Centre (NCSC) said APT29, the group behind the attacks, “almost certainly” operates as part of Russian intelligence services.
Teams at Oxford University and Imperial College London working on coronavirus vaccines are understood to have been among the targets.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” said Paul Chichester, the NCSC’s head of operations.
“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector. We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.”
The NCSC said APT29, which is also known as “the Dukes” and “Cozy Bear”, also targeted coronavirus vaccine research and development organisations in the United States and Canada. US intelligence officials blame the group for the hacking of Democratic Party emails ahead of the 2016 presidential election.
The NCSC said the group uses a variety of tools and techniques, including spear-phishing and custom malware known as “WellMess” and “WellMail”.
Britain’s foreign secretary, Dominic Raab, described as “completely unacceptable” any attempt by Russian intelligence to target vaccine research.
“While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health. The UK will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account,” he said.
The Russian news agency RIA quoted government spokesman Dmitry Peskov as saying the Kremlin rejected the allegations, which he said were not backed by proper evidence.
Earlier, Mr Raab said Russian actors had attempted to interfere with last December’s general election in Britain by “amplifying” leaked documents from the Department of International Trade about negotiations on a possible trade deal with the US. Labour presented the documents, which appeared on Reddit, as evidence that the Conservative government was willing to open up the National Health Service (NHS) to privatisation as part of a trade deal.
“Sensitive government documents relating to the UK-US Free Trade Agreement were illicitly acquired before the 2019 general election and disseminated online via the social media platform Reddit. When these gained no traction, further attempts were made to promote the illicitly acquired material online in the run-up to the general election,” Mr Raab said.
“While there is no evidence of a broad-spectrum Russian campaign against the general election, any attempt to interfere in our democratic processes is completely unacceptable. It is, and will always be, an absolute priority to protect our democracy and elections.”
The Russian embassy in London said that Moscow would respond appropriately to any unfriendly British actions and the foreign ministry in Moscow described the British allegations as contradictory and unclear.
Westminster’s Intelligence and Security Committee will next week publish a long-delayed report on Russian interference in British democracy. The report was completed in 2018 but its publication was delayed by Downing Street and it focuses on possible Russian interference in the 2016 Brexit referendum and the 2017 general election.
The prime minister’s official spokesman dismissed as “nonsense” the suggestion that Thursday’s announcements were timed to overshadow the committee’s report, which has been rumoured to include revelations about Russian donors to the Conservative party.