U.K. And U.S. Spies Blame Russian Hackers For Targeting Covid-19 Vaccine Research

Thomas Brewster   Forbes U.S. Staff


Hackers believed to be employed by the Russian government have been blamed for trying to steal information from the West’s various Covid-19 vaccine research projects.

That’s according to an analysis by the NSA and National Cyber Security Center (NCSC), a branch of U.K. signals intelligence body GCHQ. The agency said the Russian group, dubbed “APT29” or “Cozy Bear,” “has targeted various organizations involved in Covid-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of Covid-19 vaccines.”

The group is doing so by scanning target organizations, none of which were named, for vulnerabilities in network technology from industry giants like Citrix and Fortinet, the NCSC said in a briefing shared with Forbes ahead of publication. It then tries to infect targets with malware called WellMess and WellMail, both designed to spy on network activity and steal files.

“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” said NCSC director of operations Paul Chichester.

“Working with our allies, the NCSC is committed to protecting our most critical assets, and our top priority at this time is to protect the health sector.

“We would urge organizations to familiarize themselves with the advice we have published to help defend their networks.”

Cozy Bear was previously linked by the U.S. government to attacks on the Democratic National Committee (DNC) in the infamous 2016 election hacks, along with another Russian crew called Fancy Bear.

Coronavirus research has become a magnet for hackers, with U.S. officials warning in May that China had targeted researchers. In a joint announcement, the FBI and the DHS Cybersecurity and Infrastructure Security Agency (CISA) said they were investigating claims Chinese hackers were looking to “identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments and testing from networks and personnel affiliated with Covid-19-related research.”

Again, specific targets were not named, but many academic and private organizations are working on a Covid-19 vaccine, including Oxford University, Moderna and Johnson & Johnson, to name just a few.

When Forbes spoke with Johnson & Johnson chief scientist Dr. Paul Stoffels, as it announced its own vaccine development, he said he wasn’t concerned about the likes of China trying to steal information on Covid-19 treatments. “I have no concerns about that at this moment. And in the beginning of this epidemic, I was in contact with some Chinese colleagues,” he told Forbes.

“In the end, normal people in the world are all now busy with one thing—how can we solve this as fast as possible? You probably have some criminal organizations that want to attack your organization with a cyberattack. But we are protected for that, we are organized to fend that off, so I don’t fear that.”

Stoffels may have underestimated the willingness of states to conduct corporate espionage, even when it’s human lives that are at stake.
