
UK Condemns Russian Intelligence Services over Vaccine Cyber Attacks


The Foreign Secretary has called out Russia’s unacceptable cyber attacks against COVID-19 vaccine developers.

On Thursday, the UK called for an end to irresponsible cyber-attacks by the Russian Intelligence Services, who have been collecting information on vaccine development and research into the COVID-19 virus.

This follows a joint advisory today (16 July) by the UK’s National Cyber Security Centre (NCSC), the US and Canada on how to protect against these attacks.

The Foreign Secretary, Dominic Raab, said, “It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic. While others pursue their selfish interests with reckless behavior, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.”

“The UK will continue to counter those conducting such cyber-attacks, and work with our allies to hold perpetrators to account”, Raab said.

The UK shared some details:

  • The actors responsible are known and tracked in open source as APT29, Cozy Bear and The Dukes.
  • NCSC are almost certain (95%+) that APT29 are part of the Russian Intelligence Services. APT29 has targeted medical research and development organizations. NCSC assess it is highly likely (80 – 90%) that this activity was to collect information on COVID-19 vaccine research or research into the COVID-19 virus itself.
  • Find further details on the framework used by the UK government for all source intelligence assessments, including the probability yardstick.
  • NCSC advice on how to protect against this threat is available.

The UK released the report “APT29 targets COVID-19 vaccine development”, which details recent Tactics, Techniques and Procedures (TTPs) of the group commonly known as ‘APT29’, also known as ‘the Dukes’ or ‘Cozy Bear’.

The report provides indicators of compromise as well as detection and mitigation advice.

The United Kingdom’s National Cyber Security Centre (NCSC) and Canada’s Communications Security Establishment (CSE) assess that APT29 (also known as ‘the Dukes’ or ‘Cozy Bear’) is a cyber espionage group, almost certainly part of the Russian intelligence services. The United States’ National Security Agency (NSA) agrees with this attribution and the details provided in this report.

The United States’ Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA) endorses the technical detail and mitigation advice provided in this advisory.

The group uses a variety of tools and techniques to predominantly target governmental, diplomatic, think-tank, healthcare and energy targets for intelligence gain.

Throughout 2020, APT29 has targeted various organizations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines.

APT29 is using custom malware known as ‘WellMess’ and ‘WellMail’ to target a number of organizations globally. This includes those organizations involved with COVID-19 vaccine development. WellMess and WellMail have not previously been publicly associated with APT29.

Blogs to Follow:

NCSC.gov.uk; Gov.UK (July 2020) Advisory: APT29 targets COVID-19 vaccine development; UK condemns Russian Intelligence Services over vaccine cyber attacks