Date: 2020-07-16

The group, known as both APT29 and Cozy Bear and associated with Russian intelligence, has sought to exploit the chaos created by the coronavirus pandemic, officials said.

The National Security Agency said that a hacking group implicated in the break-ins into Democratic Party servers in 2016 has been trying to steal intelligence on vaccines from health care organizations.

WASHINGTON — Russian hackers, opening a dangerous new front in intelligence battles, are attempting to steal coronavirus vaccine research, the US, British, and Canadian governments said Thursday.

The Russian hackers have targeted British, Canadian, and US organizations using malware and sending fraudulent e-mails to try to trick people into turning over passwords and other security credentials, all in an effort to access the research as well as information about medical supply chains.

“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” said Paul Chichester, director of operations for Britain’s National Cyber Security Center.

The Russians are not alone in trying to steal vaccine information from the United States and other countries. The US government has previously warned about efforts by China and Iran to steal vaccine research.

There was probably little immediate damage to global public health, said Mike Chapple, an associate professor who teaches cybersecurity at the University of Notre Dame and a former National Security Agency computer scientist.

“The potential harm here is limited to commercial harm, to companies that are devoting a lot of their own resources into developing a vaccine in hopes it will be financially rewarding down the road,” he said.

Cozy Bear is one of the highest-profile, and most successful, hacking groups associated with the Russian government.

It was blamed alongside the group Fancy Bear in the 2016 hacking of the Democratic National Committee.

“APT29 has a long history of targeting governmental, diplomatic, think-tank, health care, and energy organizations for intelligence gain, so we encourage everyone to take this threat seriously,” said Anne Neuberger, the National Security Agency’s cybersecurity director.

While the ties between Cozy Bear and Russian spy services are not always clear, the National Security Agency called Cozy Bear a Russian intelligence group Thursday, and the British government said that the hackers are almost certainly part of the Russian intelligence services.

The US government did not say how much vaccine information the Russian group has stolen, or what damage to research efforts the hacking may have caused.

Some officials suggested the attacks have not been hugely successful but are widespread enough to warrant a coordinated international warning.

The three governments’ cyberdefense arms published advisories aimed at helping health care organizations bolster their computer network defense.

The National Security Agency and the British cybersecurity center declined to identify victims of the hacks, although academic organizations and labs doing vaccine research appear to have been their focus.

The malware used by Cozy Bear to steal the vaccine research included code known as “WellMess” and “WellMail.”

The Russian group has not previously used that malware, according to British officials. But US officials said they were confident in attributing the attacks to the Russian hacking group. US officials declined to comment on the precise intent of the Cozy Bear hack.

Dmitry Peskov, spokesman for President Vladimir Putin of Russia, said Thursday Russia has no knowledge of or involvement in attempts by hackers to steal coronavirus vaccine research in the United Kingdom.