LONDON (AA) – A group of hackers that is “almost certainly” part of Russia’s intelligence services is trying to access the secrets of UK, US and Canadian organizations working on a coronavirus vaccine, the British cyber security agency said Thursday.
In an advisory, the National Cyber Security Centre (NCSC) detailed “activity of the threat group known as APT29,” and said drug companies and research groups were targeted.
The agency said that, according to its assessment, APT29, also known as the Dukes or Cozy Bear, was “almost certainly” part of the Kremlin’s intelligence services.
“This assessment is also supported by partners at the Canadian Communication Security Establishment (CSE), the US Department for Homeland Security (DHS) Cybersecurity Infrastructure Security Agency (CISA) and the National Security Agency (NSA),” it said.
APT29’s campaign of malicious activity “is ongoing, predominantly against government, diplomatic, think-tank, healthcare and energy targets to steal valuable intellectual property,” the NCSC said.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” Paul Chichester, NCSC director of operations, said.
“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector,” Chichester said.
“We would urge organisations to familiarise themselves with the advice we have published to help defend their networks,” he added.
According to the British cyber security agency, known targets of APT29 include UK, US and Canadian vaccine research and development organizations.
The group uses a variety of tools and techniques, including spear-phishing and custom malware known as “WellMess” and “WellMail”.