An advisory released by the UK's National Cyber Security Centre (NCSC) details the activity of the Russian hacking group and explicitly calls out efforts to target vaccine research and development organizations in the US, UK and Canada.
Cozy Bear is one of two hacking groups linked to Russian intelligence believed to have accessed the Democratic National Committee's internal systems in the run-up to the 2016 U.S. election, but Thursday's announcement is the first time the group has been named in relation to cyberattacks related to the coronavirus pandemic.
Authorities in the United States, United Kingdom, and Canada have issued several warnings about state-backed cyber attacks in the past month.
In May, all three countries issued a warning of ongoing cyber attacks against organizations involved in the coronavirus response, including health care agencies, pharmaceutical companies, academics, medical research organizations, and local government.
Hospitals, research labs, healthcare providers, and pharmaceutical companies have all been affected, authorities say, and the US Department of Health and Human Services, which oversees the Centers for Disease Control and Prevention, has been hit by an increase in daily attacks, an official with direct knowledge of the attacks previously told CNN.
The NCSC, which is the UK's leading technical authority on cyber security and part of the UK's Government Communications Headquarters (GCHQ), assessed that APT29 "almost certainly operates as part of the Russian Intelligence Services".
This assessment is also supported by partners at Canada's Communications Security Establishment (CSE), the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), the NCSC said.
"APT29's campaign of malicious activity is ongoing, predominantly against government, diplomatic, think tank, healthcare and energy targets to steal valuable intellectual property," according to a press release.
"We condemn these despicable attacks on those who do vital work to combat the coronavirus pandemic," NCSC chief operating officer Paul Chichester said in a statement.
"By working with our allies, the NCSC is committed to protecting our most critical assets and our top priority right now is to protect the health sector.
"We urge organizations to familiarize themselves with the tips we've released to help defend their networks."
The press release said the NCSC had previously warned that Advanced Persistent Threat (APT) groups had targeted organizations involved in national and international Covid-19 responses.
APT29 uses a variety of tools and techniques, including phishing and custom malware known as "WellMess" and "WellMail," according to the NCSC.
The report concluded that "APT29 is likely to continue to target organizations involved in the research and development of the COVID-19 vaccine as they seek to answer additional intelligence questions related to the pandemic."