By Jenny Strasburg in London and Dustin Volz in Washington
A prominent state-backed Russian hacking group was blamed
Thursday by U.S., U.K. and Canadian government officials for
ongoing cyber espionage against organizations involved in the
development of coronavirus vaccines and other health-care-related
work, reflecting an escalation of security risks at a crucial time
in the global response to the pandemic.
Western intelligence officials said that they jointly assessed
Russia as the source of the persistent hacking activity in several
countries. The targets, officials said, include governments, think
tanks, universities, private companies and other organizations
working on vaccine research and testing globally.
The attacks are designed to steal intellectual property related
to the response to Covid-19, the U.S. National Security Agency,
along with its British and Canadian counterparts, said.
Efforts to develop a vaccine have become an international arms
race, with winners seen as benefiting from access to treatments
that would help improve national health and economic stability.
Those factors make the scientific secrets behind vaccine
The accusation comes as coronavirus cases have surged in the
U.S., with confirmed cases climbing to more than 3.5 million a
little over a week after crossing the 3 million mark, and as newly
reported infections around the world reached a record. The U.S.,
which saw a single-day record 67,417 new confirmed cases Tuesday,
added about 66,300 on Wednesday, according to Johns Hopkins
The Western officials identified the hacking group as
Russia-supported APT29, which is also known as Cozy Bear. APT29 is
widely viewed by cybersecurity experts to be a sophisticated and
prolific cyber unit associated with Russian intelligence and has
previously been linked to attacks on the White House, the U.S.
State Department, the Democratic National Committee and European
"Throughout 2020, APT 29 has targeted various organizations
involved in Covid-19 vaccine development in Canada, the United
States and the United Kingdom, highly likely with the intention of
stealing information and intellectual property relating to the
development and testing of Covid-19 vaccines," British, American
and Canadian security agencies said in a technical report.
The warning -- designed to help current and potential targets
boost defenses -- follows already stepped-up protection of
institutions involved in virus research, including vaccine
development. The Western allies' report said the Russian group has
shown some success gaining footholds in targeted computer networks
by exploiting software vulnerabilities and using spearphishing
attacks to compromise login credentials. But U.K. officials said
the attacks haven't thwarted vaccine-related work of which they
The U.K. this year stepped up efforts to protect the University
of Oxford and about a dozen universities battling the virus from
cyberattacks. Oxford is working with U.K. drugmaker AstraZeneca PLC
on a leading vaccine candidate that they say could be ready by this
autumn. An Oxford spokesman said the university was working closely
with Britain's National Cyber Security Centre to ensure its
research had the best cyber protection. An AstraZeneca spokesman
had no immediate comment about the hacking warnings.
Anne Neuberger, director of cybersecurity at the National
Security Agency, said foreign actors were trying to take advantage
of the pandemic. "We encourage everyone to take this threat
seriously and apply the mitigations issued in the advisory," she
Russian presidential spokesman Dmitry Peskov told the official
state news agency RIA Novosti that Russia "will not accept such
There was no response from Russia's Federal Security Service,
nor from the Ministry of Digital Development, Communications and
Mass Media, which deals with cybersecurity.
Russia has mobilized its armed forces and top scientists to
develop its own coronavirus vaccine after President Vladimir Putin
demanded the country have one by this fall. The rush comes after
Russia initially wavered over whether to impose lockdowns to curb
the spread of the virus.
The U.K. cyber center said it relied on several sources to
arrive at its conclusion that Russia was behind the activity. It
said the attackers used custom-built malware dubbed "WellMess" or
"WellMail" to target organizations across the globe working on
vaccine research. The NSA supported the attribution of the hacking
activity to Russia.
Canada's Communications Security Establishment, which is in
charge of cybercrime, said the attacks hindered the efforts of
health-care experts and researchers trying to fight the pandemic.
It urged Canadian hospitals and clinics to bolster protections
against possible attacks.
The U.S.-based cyber firm CrowdStrike accused the same Russian
group of hacking into the DNC in the lead-up to the 2016 election,
saying it quietly monitored email and chat conversations for months
A separate hacking group linked to Russian military intelligence
was also accused of breaking into the DNC and implicated in
stealing and leaking emails as part of a broader cyber effort that
U.S. intelligence agencies later concluded was intended to harm
Democratic candidate Hillary Clinton's campaign and boost Mr.
Trump. That finding was corroborated by former special counsel
Robert Mueller and a bipartisan report by the Senate Intelligence
Committee. Russia has denied the attacks.
In the U.K., authorities noticed a significant increase in
malicious activity in June, much of which they believed to be
Russian, according to people briefed on the activity.
In one case of apparently mistaken identity, attackers
repeatedly tried to hack a health-care entity containing "Oxford"
in its name but not part of the university, according to the
Russia isn't the only country seeking to steal intellectual
property from foreign computer networks, say government and
private-security experts involved in responses.
In May, U.S. officials issued a public alert accusing Chinese
hackers of targeting American universities and health-care
companies in a bid to steal intellectual property, saying that
intrusions could jeopardize medical research.
Trump administration officials have also said privately that
Iran or its proxies have been targeting similar types of facilities
using a relatively crude technique known as password spraying,
which attempts to compromise an organization by rapidly guessing
common account-login passwords.
Among Iran's recent targets, people familiar with the matter
have said, was the pharmaceutical company Gilead Sciences Inc.,
which has produced the antiviral drug remdesivir that was given
emergency-use authorization by the Food and Drug Administration as
a potential Covid-19 treatment.
Security experts also say that they have seen several
adversaries seek to steal research related to the coronavirus and
that such attempts weren't surprising given the severity of the
"Covid-19 is an existential threat to every government in the
world right now, so it's no surprise to see them leveraging their
cyber espionage capabilities to gather information on a cure," said
John Hultquist, director of intelligence analysis at U.S.-based
cyber firm FireEye and a longtime watcher of APT29. "We have seen
the Russians as well as Chinese and Iranian actors target the
pharmaceutical and research space in an effort to gather
information on developing vaccines."
--Paul Vieira in Ottawa, Stu Woo in London and Ann Simmons in
Moscow contributed to this article.
Write to Jenny Strasburg at email@example.com and Dustin
Volz at firstname.lastname@example.org
(END) Dow Jones Newswires
July 16, 2020 17:26 ET (21:26 GMT)
Copyright (c) 2020 Dow Jones & Company, Inc.
Gilead Sciences (NASDAQ:GILD)
Historical Stock Chart
From Aug 2020 to Sep 2020
Gilead Sciences (NASDAQ:GILD)
Historical Stock Chart
From Sep 2019 to Sep 2020