The cyber group is known as APT29, also named “the Dukes” or “Cozy Bear,” and has previously exploited other organizations globally. The UK's National Cyber Security Centre (NCSC) said that it was 95% sure that APT29 is part of Russian intelligence services, an assessment supported by the Canadian Communications Security Establishment (CSE), the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA).
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” NCSC Director of Operations Paul Chichester said in a statement.
“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.”
Chichester further urged organizations to familiarise themselves with the advice published to help protect their private data and defend their networks.
The NCSC also warned that APT29’s campaign of malicious hacking activity is not merely recent but ongoing. The hackers predominantly target government agencies, diplomatic organizations, think-tanks, and the healthcare and energy sectors.
Their aim is to steal valuable intellectual property and they do so by using a variety of tools, including spear-phishing and custom malware known as “WellMess” and “WellMail”.
The NCSC assesses that it is highly likely (80–90%) that this most recent attack was intended to collect information on coronavirus vaccine research. This, however, will not deter the UK from continuing its crucial research.
"It is completely unacceptable that the Russian Intelligence Service is targeting those working to combat the coronavirus pandemic," Foreign Secretary Dominic Raab said in a statement.
"While others pursue their selfish interests with reckless behavior, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health."