Britain’s cyber-security agency, along with the US and Canada, on Thursday denounced an attempt by a Kremlin-associated hacking group to steal potential coronavirus vaccine research.
According to a joint statement by Britain, the United States, and Canada, the hacking group APT29 is reportedly targeting organizations involved in COVID-19 vaccine development. The UK’s National Cyber Security Centre (NCSC) said the hackers “almost certainly” operated as “part of Russian intelligence services.”
The United States National Security Agency and the Canadian Cybersecurity Authority (the Canadian Communication Security Establishment) also state that the attacks against national scientists are part of a global campaign by the Russian computer group, which seeks to steal the secrets of the vaccine search.
While investigating the attacks, the agencies found that APT29 used a type of malware known as ‘WellMess’ or ‘WellMail’, which allows hackers to gain access to the victims’ computers. The existence of WellMess has been known since 2018, when it was used against Windows and Linux computers in Japan.
Once they gain access, attackers are able to reach all system files, and can both download them and upload new infected files, with total impunity.
According to cybersecurity agencies in the US, UK, and Canada, the goal of these attacks is not only to steal information and intellectual property on the development of the potential vaccine but also to affect the response against coronavirus. The attacks affect several teams of researchers in the three countries mentioned.
APT29 has been associated with the Kremlin and with cyber-attack campaigns organized by the Russian government. Its primary targets are government and diplomatic representatives, and its activity also includes data theft and smuggling.