U.S. security agencies and their British and Canadian partners on Thursday accused Russian hackers of targeting organizations developing the COVID-19 vaccine, sparking condemnation on both sides of the Atlantic and warnings to companies that their research may be at risk of being stolen.
Moscow denied responsibility for the apparent cyber spying campaign, which was revealed in an advisory issued by Washington and its allies that claimed the culprits were “almost certainly” part of the Russian government.
Known by names such as “APT29,” “the Dukes” and “Cozy Bear,” the hacking group has targeted organizations in the U.S., Britain and Canada with the “highly likely” intention of stealing intellectual property relating to the vaccine’s development, said the advisory.
No targeted organizations were named in a publicized version of the document, which also did not indicate whether any specific data was actually stolen by hackers. The advisory did, however, say the hackers have successfully exploited known computer vulnerabilities to gain “initial footholds” within an unspecified number of organizations involved in fighting COVID-19.
It said the hackers used custom malware not publicly associated with any campaigns previously attributed to the group, which has been active since at least 2008 and implicated in several high-profile intrusions including breaching the Democratic National Committee during the last U.S. presidential race.
“It should be clear by now that Russia’s hacking efforts didn’t stop after the 2016 election,” said Sen. Mark Warner, Virginia Democrat and ranking member of the Senate Select Committee on Intelligence.”
Moving forward, the United States and the western world need to be prepared for increasingly aggressive cyber-attacks from Russian actors,” Mr. Warner told The Washington Times. “That’s going to require all of us — government, corporations and individuals — to step up our game.”
Senate Minority Leader Kevin McCarthy, California Republican, told The Times “these continued malicious actions to weaken our pandemic response must not go unchecked.”
Mr. McCarthy said he intends to introduce legislation soon that would ensure the hackers are held responsible.
House Intelligence Committee Chairman Rep. Adam B. Schiff, California Democrat, urged President Trump to act and said he was asking for a briefing from his administration.
“There is no issue more critical to the health and safety of our nation and its citizens right now than testing, tracing, treating and vaccinating,” said Mr. Schiff. “The consequences are literally life and death.”
White House press secretary Kayleigh McEnany told reporters the administration was aware of the activities included in Thursday’s advisory, saying the U.S. “worked very closely with our allies” to ensure COVID-19 vaccine research was protected.
The first cases of COVID-19 were reported in China and more than 13.5 million infections have been confirmed globally.
British Foreign Secretary Dominic Raab on Thursday called it “completely unacceptable” that Russia would allegedly target organizations working to combat the pandemic.” Canada’s Communications Security Establishment, one of the agencies that issued Thursday’s advisory with the U.S. National Security Agency, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, and Britain’s National Cyber Security Centre, said the attacks would “hinder response efforts at a time when health care experts and medical researchers need every available resource.”
Russia flatly denied responsibility, as it has with other major computer intrusions blamed on longtime President Vladimir Putin’s regime.
“We find such accusations unacceptable,” Kremlin spokesman Dmitry Peskov said Thursday. “We have no information on who could have hacked pharmaceutical companies and research centers in the U.K. We can say only one thing, Russia has nothing to do with these attempts.”