Canadian researchers have been targeted by Russian hackers in what security experts say is a continuing series of cyberattacks aimed at scientists in several countries who are developing a vaccine for COVID-19.
A group known as APT29 has begun a “campaign of malicious activity” against “government, diplomatic, think tank, health care and energy targets to steal valuable intellectual property,” Britain’s National Cyber Security Centre said in an advisory issued on Thursday along with Canada’s Communications Security Establishment (CSE) and the U.S. Department of Homeland Security.
The cyberattacks raise concerns about foreign state hackers stealing valuable information for their own gain in the race for a COVID-19 vaccine, as companies and governments around the world back the development of more than 100 vaccines.
The security agencies said APT29 – also known as “the Dukes” or “Cozy Bear,” which was suspected in the 2016 hacks of Democratic National Committee computer servers – was almost certainly part of Russian intelligence services and that it specifically targeted “organizations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom.”
The attacks “serve to hinder response efforts at a time when health care experts and medical researchers need every available resource to help fight the pandemic,” the CSE said in a statement.
Prime Minister Justin Trudeau said the government will balance the protection of Canadian COVID-19 research and development with the need to work with partners around the world to develop a vaccine.
“We will ensure every step of the way ... to protect Canadian intellectual property and to protect the hard work of our researchers and to ensure that we’re doing everything right, but at the same time we recognize the need for global collaboration in order to get through this global pandemic,” Mr. Trudeau told reporters in Ottawa on Thursday.
British Foreign Secretary Dominic Raab called the actions “completely unacceptable,” and added: “While others pursue their selfish interests with reckless behaviour, the U.K. and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
Mr. Raab also accused Moscow of meddling in last December’s British election “through the online amplification of illicitly acquired and leaked government documents.” He was referring to documents relating to Britain-U.S. trade negotiations that ended up on several websites during the election campaign.
Canada’s Medicago Inc. is believed to have been among the targets of the attack. The Quebec-based company is working on a COVID-19 vaccine using a novel process that involves plants related to tobacco, and has received financial support for the project from the provincial and federal governments.
“Medicago is aware of the cyberattacks targeting networks of organizations involved in COVID-19 vaccine development,” the company said in a statement. “We take this threat seriously. Medicago has a strong cybersecurity infrastructure in place, and we continue to be in contact with authorities to further secure our network and infrastructure.”
David Vigneault, director of the Canadian Security Intelligence Service, said CSIS has been conducting intelligence activities for months and “covertly” advising the government of threats related to vaccine development. CSIS has also advised more than 150 Canadian biopharmaceutical companies about how to protect their intellectual property, he said.
In Britain, the attackers took aim at Oxford University, where researchers have been working on a COVID-19 vaccine with pharmaceutical giant AstraZeneca PLC. The group is expected to release early test results on Monday, and media reports indicate the drug has been successful in producing antibodies and T-cells, which are key components in the body’s immune system.
If all goes well, the researchers hope to have a vaccine ready by October, and AstraZeneca has signed a deal to produce two billion doses.
“Oxford University is working closely with the National Cyber Security Centre to ensure our COVID-19 research has the best possible cybersecurity and protection,” the university said in a statement on Thursday. The NCSC is a British government agency that advises the public and private sectors on threats in the digital realm.
A vaccine project at London’s Imperial College, which is also in the early testing phase, was likely targeted as well, along with U.S.-based Moderna Inc., which released promising test results of its vaccine this week.
The NCSC report said the attackers used two new versions of malware – called “WellMess” and “WellMail” – as well as “spear-phishing,” where attackers disguise themselves as a friend or work colleague to access information via e-mail. The group will probably continue to target organizations involved in COVID-19 vaccine research and development, the report added.
Officials in Russia quickly rejected the allegations. “We do not have information about who may have hacked into pharmaceutical companies and research centres in Great Britain,” said Dmitry Peskov, a spokesman for the Russian government. “We can say one thing – Russia has nothing at all to do with these attempts. We do not accept such accusations, just as new groundless accusations about interference in the 2019 election.”
Russia has been among the countries hardest hit by the coronavirus that causes COVID-19, with more than 750,000 confirmed cases and nearly 12,000 deaths. The country is also moving ahead quickly with its own vaccine program. On Thursday, officials at the Russian Direct Investment Fund, which is financing the research, said they were on track to have a drug ready by the end of the year, and they hoped to have the entire country vaccinated by early 2021.
Jessica Davis, president of Insight Threat Intelligence, said she was surprised by the direct reference to Russia in Thursday’s report.
“For the agencies involved to get so specific as to name Russia, quite specifically and firmly, as the source of the threat is unusual.”
Stephanie Carvin, an assistant professor at the Norman Paterson School of International Affairs at Carleton University in Ottawa, said she wonders why China or Iran were not also included because “almost certainly they are involved in this kind of cyberespionage as well.”
The NCSC has issued previous warnings about Russian hackers trying to steal information from scientists. In May, the agency raised concern about password “spraying attacks,” aimed at vaccine researchers, which involve attempts to access a large number of accounts using commonly known passwords. And in April, the NCSC warned about a growing number of cyberscams targeted at COVID-19 researchers and said the rise in people working from home had “increased the use of potentially vulnerable services, such as virtual private networks, or VPNs,” which were being exploited by hackers.
Earlier this year, the CSE told Canada’s COVID-19 researchers to lock down their data because sophisticated hackers were out to steal vaccine research. It issued the warning through an online notice and direct e-mails to dozens of COVID-19 researchers.
With a report from Colin Freeze in Toronto