UK claims Russians hacked COVID-19 research

Security tightens around Australia’s trials after the hacking attempt on three countries.

Jacquelin Magnay

@jacquelinmagnay

3 min read

12:43AMJuly 17, 2020.

Updated 10:50AMJuly 17, 2020

The Russia hacking group APT29 – also known as Cozy Bear and The Dukes – was behind the attacks, the UK says.

A Russian cyber-hacking group, with close links to the Kremlin, has tried to steal vaccine information from targeted universities and organisations in three countries, the British government has claimed.

The hacking group known as APT29 — also known as Cozy Bear and The Dukes — has been attempting to steal information from British, American and Canadian institutions, the National Cyber Security Centre (NCSC) said on Thursday, adding that the hackers “almost certainly operate as part of Russian Intelligence Services”.

It is unclear if the Australian vaccine trials have also been targeted but Australia — as part of the Five Eyes security network — has access to the intelligence and will move to bolster security surrounding local companies.

These include the University of Queensland trial, which began phase one testing of people this week, and its drug partner CSL as well as the biotechnology company Vaxine, which also began phase one testing earlier this month.

The American company Novavax, has also used Australians in its testing program.

UK foreign secretary, Dominic Raab, said it was “completely unacceptable” for Russian intelligence services to target vaccine research.

He said: “While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health. The UK will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account.”

The APT29 group has been active for several years, and is also known in the hacker community as the Dukes or Cozy Bear. A variation of the same hacking group, APT28, or Fancy Bear, was linked to cyber attacks seeking athlete data, including Australians, when the World Anti Doping Agency and other drug agencies around the world were targeted in late 2016. This was in retaliation for Russia being sidelined at the Rio Olympics following a cheating scandal at the Sochi Winter Olympics.

The same hacking group has been linked to attacks on the Democratic party in the run-up to the 2016 US elections.

In a second accusation levelled at Russia, the British government has also claimed leaked documents on US-UK trade talks that were promoted by then Labour leader Jeremy Corbyn during the UK general election last year was ‘’almost certainly’’ spread by ‘’Russian actors’’.

Relationships between Britain and Russia have been at a low point since the 2018 Novichok poisoning attack on former Russian spy Sergei Skripal and his daughter Yulia in Salisbury. The poison operation claimed the life of a vulnerable British woman, Dawn Sturgess.

The alleged state-sponsored cyber attack on universities and groups linked to trials of COVID-19 vaccines is believed to have targeted both of the UK vaccine trials at Oxford University and the Imperial College London.

The NCSC said Canadian and American agencies agreed that APT29’s attacks were highly likely in order to collect information on COVID-19 vaccine reach or research into the coronavirus itself.

The agencies, including the Canadian Communication Security Establishment (CSE), the US Department for Homeland Security (DHS) Cybersecurity Infrastructure Security Agency (CISA) and the National Security Agency (NSA) said APT29’s campaign of malicious activity is “ongoing, predominantly against government, diplomatic, think-tank, healthcare and energy targets to steal valuable intellectual property’’.

NCSC Director of Operations, Paul Chichester, said: “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.

“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.’’

Meanwhile the British government claims Mr Corbyn used 451 pages of Russian-hacked documents in the December election campaign when he accused Boris Johnson of selling out the National Health Service.

Mr Raab told the Commons on Thursday: “On the basis of extensive analysis, the Government has concluded that it is almost certain that Russian actors sought to interfere in the 2019 General Election through the online amplification of illicitly acquired and leaked Government documents.

‘Whilst there is no evidence of a broad spectrum Russian campaign against the General Election, any attempt to interfere in our democratic processes is completely unacceptable.’’

He added there was an ongoing criminal investigation and the Government reserves the right to respond with ‘’appropriate measures’’.