A cyber espionage group believed to be backed by the Russian state are trying to steal COVID-19 vaccine and treatment research from academic institutions and pharmaceutical companies, according to a report from UK's National Cyber Security Centre (NCSC).
This report details recent actions of the group commonly known as APT29, also known as "the Dukes" or "Cozy Bear." According to the report, "Throughout 2020, APT29 has targeted various organizations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines."
But according to Ciaran Martin, NCSC CEO, there is not reason to believe that the group was successful in its attempts to steal data.
The NCSC assessment is also supported by partners at the Canadian Communication Security Establishment (CSE), the US Department for Homeland Security (DHS) Cybersecurity Infrastructure Security Agency (CISA) and the National Security Agency (NSA), the NCSC said.
The APT29 group uses a variety of tools and techniques, including spear-phishing and custom malware known as “WellMess” and “WellMail."
Kremlin spokesman Dmitry Peskov told Russia's TASS news agency that Russia has nothing do with the attacks.
Read the advisory here