A Russian hacking group has tried to target COVID-19 related to vaccine research in Canada, the UK and the US, according to Canada’s cyber spies.
The Communications Security Establishment (CSE), responsible for Canada’s foreign signals intelligence, said APT29 — also known as Cozy Bear and the Dukes — is behind the malicious activity.
The statement released on Thursday morning said: ” The group almost certainly operates as part of Russian intelligence services.”
According to the statement, custom malware known as WellMess and WellMail have been used to target different organizations around the world.
“These malicious cyber activities were very likely undertaken to steal information and intellectual property relating to the development and testing of COVID-19 vaccines, and serve to hinder response efforts at a time when health-care experts and medical researchers need every available resource to help fight the pandemic,” the CSE statement says.
The spokesperson said that the CSE is “not able to comment on, or confirm details about specific cybersecurity incidents” when asked if any data was stolen or accessed and what facilities in Canada were targeted.
U.K. Foreign Secretary Dominic Raab tweeted that his government stands with Canada and the U.S. “against the reckless actions of Russia’s intelligence services, who we have exposed today for committing cyber attacks against those working on a COVID-19 vaccine.
In May, the CSE said authorities were investigating possible security breaches at Canadian organizations doing COVID-19-related research but did not say who was behind the attacks and where they were coming from.