Back in May, UK’s and USA’s intelligence agencies pointed to Chinese hackers when several entities dedicated to Coronavirus vaccine research were hacked. Now, intelligence officials from the NSA are accusing “APT29” (aka “Cozy Bear”) for targeting British, Canadian, and American organizations that are all in the race for developing a vaccine.
“APT29” was mostly active back in 2013-2016, but the group has recently reappeared in the news thanks to an ESET report. According to the evidence presented there, the Russian group of hackers has been targeting high-profile entities all along, and so their retirement was a false assumption.
The NSA says their radar caught APT29 trying to breach university and healthcare organization systems, with their purpose being cyber-espionage and data exfiltration. The hackers mostly used phishing emails to grab user credentials and use them to access the sensitive information themselves.
According to the NSA, the Russians also tried to plant custom malware tools onto their targets’ machines in many cases, either to steal passwords or to hope for a USB carrier to inject the malware at any point in the medical supply chain. These are highly sophisticated threat actors we’re talking about, so they have many tricks up their sleeves.
Related: The “ARCHER” Supercomputer in the UK Suffered a Security Breach
The accusations weren’t accompanied by concrete evidence, and naturally, the Russians denied any involvement in the claimed cyberattacks. The fact that Britain’s National Cyber Security Center gives the same attribution hasn’t played any role for Moscow, and they see it as part of the usual “allies rapport.” The Brits say they first detected these attacks in February, but they are confident that none was successful.
However, recent vaccine development reports coming from Russian teams have an otherwise inexplicable resemblance with the vaccine that the Oxford University and the “AstraZeneca” pharmaceutical firm are developing.
AstraZeneca is already leading the race (among 23 vaccines currently tested on humans). The US has expressed its willingness to invest $1.2 billion in its program, helping accelerate the development of the vaccine. Surely, the Russians would love to have that formula and a working vaccine ready even sooner.
Many experts believe that Moscow’s pride is too powerful for the Putin government to engage in hacks of this kind and still point to Chinese state actors. However, the malware that is used by APT29 has been confirmed to be part of the group’s arsenal in previous attacks, so on the condition that none of this is fabricated for political reasons, the evidence points to “Cozy Bear”.