The UK’s National Cyber Security Centre (NCSC) said the hackers “almost certainly” operated as “part of Russian intelligence services”.
It said the group used malware to try to steal information relating to Covid-19 vaccine development.
NCSC director of operations Paul Chichester said it was “despicable”.
The warning was published by a group of security services:
- the UK’s NCSC
- the Canadian Communications Security Establishment (CSE)
- the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA)
- and the US National Security Agency (NSA)
The hackers are part of a group called APT29, also known as “the Dukes” or “Cozy Bear”.
They exploited software flaws to get access to vulnerable computer systems, and used malware called WellMess and WellMail to upload and download files from infected machines.
They also tricked individuals into handing over login credentials with spear-phishing attacks.
- Phishing emails are designed to trick the recipient into handing over their personal information
- Spear phishing is a targeted and personalised form of the attack, designed to trick a specific individual. Often the email appears to come from a trusted contact, and may include some personal information to make the message seem more convincing
“Throughout 2020, APT29 has targeted various organisations involved in Covid-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of Covid-19 vaccines,” the report said.
It did not specify which organisations were targeted, or whether any information had been stolen.