Western governments are blaming a Russia-linked hacking group known as "Cozy Bear" for attempting cyberattacks on organizations working to develop a vaccine for the coronavirus. (AP Photo/Virginia Mayo)
Cozy Bear, also known as APT29, is one of the same hacking groups that a forensic analysis from cybersecurity firm Crowdstrike found was behind the attacks on the Democratic National Committee in the run-up to the 2016 U.S. presidential election. How exactly the group is connected to the Kremlin is not always clear, but the U.S. National Security Agency on Thursday called Cozy Bear a "Russian Intelligence Service group," while U.K. officials said it "almost certainly operates as part of Russian intelligence services."
"We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic," the NCSC's director of operations, Paul Chichester, said in a statement.
The Russia-linked hacking group's ongoing "campaign of malicious activity" has also targeted businesses in the energy sector, as well as government, diplomacy and think-tank organizations, in efforts "to steal valuable intellectual property," U.K. officials wrote in the joint statement with the NSA, the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency and the Canadian Communications Security Establishment.
A Kremlin spokesman, Dmitry Peskov, said Thursday that Russia was not involved in, and does not know about, any cyberattacks aimed at stealing coronavirus research in the U.K.
"We have no information on who could have hacked pharmaceutical companies and research centres in Great Britain," Peskov said, according to a report in the Russian state-owned TASS news agency. "We can only say this: Russia has nothing to do with these attempts."
Officials in the U.S., U.K. and Canada warned organizations involved in responding to the coronavirus that the hacking group uses a variety of tools and techniques, including luring targets into clicking on malicious links with "spear-phishing" attempts and using a custom form of malicious software known as "WellMess" and "WellMail."
Thursday's alert comes as COVID-19 has brought with it a rise in cyberattacks, with industry experts pointing to the health care ecosystem as an obvious target.
Hacking groups linked to Russia are not the only ones targeting organizations involved in the coronavirus response efforts, U.S. authorities say. U.S. officials in recent weeks have also accused cybercriminals "affiliated" with the Chinese and Iranian governments of similarly exploiting panicked employees and stretched-thin IT staffs during the pandemic in attempts to steal vaccine research and other intellectual property.
--Editing by Alyssa Miller.