(The Canadian Press)

Russian hackers seeking to steal COVID-19 vaccine data: intel agencies

It is believed APT29, also known as ‘the Dukes’ or ‘Cozy Bear’ was responsible

Canadian, British and U.S. security services say hackers they believe are working for Russian intelligence have been trying to steal research on COVID-19 vaccines from organizations in all three countries and around the world.

Canada’s Communications Security Establishment says the malicious cyberactivities were very likely undertaken to pilfer information and intellectual property relating to the development and testing of vaccines for the novel coronavirus.

The cyberspy agency says the clandestine activity is hindering response efforts at a time when health-care experts and medical researchers need every available resource to help fight the pandemic.

The CSE’s Centre for Cyber Security assesses that APT29, also known as ”the Dukes” or “Cozy Bear,” was responsible, and almost certainly operates as part of Russian intelligence services.

“The group uses a variety of tools and techniques to predominantly target governmental, diplomatic, think-tank, health-care and energy targets for intelligence gain,” says a joint advisory from the CSE and its allies.

“APT29 is likely to continue to target organizations involved in COVID-19 vaccine research and development, as they seek to answer additional intelligence questions relating to the pandemic.”

This assessment is supported by partners at Britain’s Government Communications Headquarters’ National Cyber Security Centre, the U.S. National Security Agency, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

The CSE is urging Canadian health organizations to review a technical advisory on the threat and to take any necessary actions to protect themselves. “We encourage them as well to contact the Cyber Centre if they suspect they have been targeted by cyberactors.”

The joint advisory says APT29 targeted COVID-19 vaccine research and development by scanning specific computer IP addresses of interest for vulnerabilities, a tactic that can help the group obtain login credentials to systems.

“This broad targeting potentially gives the group access to a large number of systems globally, many of which are unlikely to be of immediate intelligence value,” the advisory says.

“The group may maintain a store of stolen credentials in order to access these systems in the event that they become more relevant to their requirements in the future.”

By Jim Bronskill , The Canadian Press

Like us on Facebook and follow us on Twitter.

Want to support local journalism? Make a donation here.

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Morning Start: The Exorcist film set was haunted

Your morning start for Tuesday, Aug. 11, 2020

$45K in donations received after Pitt Meadows woman, man die in Tulameen

Sarah MacDermid, 31, and Casey Bussiere, 37, died August long weekend

Former Summerlander receives Emmy nomination for makeup work

Lucky Bromhead recognized for her work with Canadian sitcom Schitt’s Creek

Morning Start: High heels were first designed for men

Your morning start for Monday, Aug. 10, 2020

Canucks ride momentum into NHL playoff series against defending Stanley Cup champs

PREVIEW: Vancouver opens against St. Louis on Wednesday

Man, 54, charged in connection with fatal attack of Red Deer doctor

Doctor was killed in his walk-in clinic on Monday

One dead as fish boat sinks off southern Vancouver Island

Shawnigan Lake-registered Arctic Fox II went down off Cape Flattery, west of Victoria

Landlord takes front door, windows after single B.C. mom late with rent

Maple Ridge mom gets help from community generosity and government

VIDEO: Revelstoke rallies to save snared eagle

Local climber scales tree to save the raptor

42 more people test positive for COVID-19 in B.C.

The province has recorded no new deaths in recent days

Joe Biden selects California Sen. Kamala Harris as running mate

Harris and Biden plan to deliver remarks Wednesday in Wilmington

COVID-19 exposure alert at Cactus Club in downtown Kelowna

Interior Health also announced another three cases of COVID-19 tied to Kelowna, bringing the total to 161

Most Read