Hackers linked to the Russian intelligence agencies are targeting British scientists seeking to develop a coronavirus vaccine, the National Cyber Security Centre (NCSC) has warned.
In a joint statement with the US National Security Agency and the Canadian Communications Security Establishment, the NCSC said the attacks were part of a global campaign by the group known as APT29 to steal the secrets of vaccine research.
NCSC director of operations Paul Chichester said: “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.
“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.
“We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.”
The UK is home to two of the leading research programmes to develop a vaccine, based at Oxford University and Imperial College London.
The NCSC said that, together with the US and the Canadians, it had assessed that APT29 – also known as the Dukes or Cozy Bear – was “almost certainly” operating as part of the Russian intelligence services.
It said the group’s campaign of “malicious activity” was aimed predominantly at government, diplomatic, think-tank, healthcare and energy targets in an attempt to steal valuable intellectual property.
The NCSC has previously warned that APT (standing for advanced persistent threat) groups have been targeting organisations involved in both national and international Covid-19 research.
APT29 is said to use a variety of tools and techniques, including spear-phishing and custom malware known as “WellMess” and “WellMail”.
Foreign Secretary Dominic Raab said: “It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic.
“While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.
“The UK will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account.”
APT29 has been operating for a number of years but this is the first time the NCSC – which operates under the auspices of the GCHQ spy agency – has publicly linked it to Russian intelligence.
The group was previously implicated in attacks on the Democratic Party during the 2016 US presidential elections and its activities are said to be known at the “highest level” of the Russian state.
Since the start of the Covid-19 pandemic it is said to have been targeting research into vaccines and therapeutics in multiple countries, focusing particularly on pharmaceutical and academic institutions.
It is said to specialise in exploiting known vulnerabilities in software and then rapidly “weaponising” them.