A hacker group highly suspected to be acting under the auspices of a foreign power has been targeting COVID-19 vaccine research centres in Canada, the US, and the UK, the countries’ respective intelligence agencies have warned.
Canada’s Communications Security Establishment (CSE) said that the hacker group APT29, also known as Cozy Bear and the Dukes, is behind the malicious activity.
According to a statement from the CSE, APT29 “almost certainly operates as part of Russian intelligence services.”
“These malicious cyber activities were very likely undertaken to steal information and intellectual property relating to the development and testing of COVID-19 vaccines, and serve to hinder response efforts at a time when health care experts and medical researchers need every available resource to help fight the pandemic,” the CSE statement said.
A joint assessment from the CSE, the UK’s National Cyber Security Centre, and the US’s NSA said that APT29 “is likely to continue to target organizations involved in COVID-19 vaccine research and development, as they seek to answer additional intelligence questions relating to the pandemic.”
The three agencies also said that the Russian malicious actors have been using custom malware known as WellMess and WellMail.
When asked if the hacking attempts were successful, and which Canadian facilities were targeted, a CSE spokesperson said that the agency is typically “not able to comment on, or confirm details about specific cybersecurity incidents.”
The CSE did confirm to CBC News that a threat bulletin revealed that a Canadian biopharmaceutical company was hit by a foreign cyberattack in mid-April.
Public Safety Minister Bill Blair said that he does not think the alleged cyberattack sets back Canada’s research into the vaccine.
“But it’s a useful reminder to all of those scientists and industries right across Canada who are working very diligently to find that vaccine. Canadians and the world need it. It’s important work,” the minister said.