Hackers linked to the Russian intelligence agencies are targeting British scientists seeking to develop a coronavirus vaccine, the National Cyber Security Centre (NCSC) has warned.
In a joint statement with the US National Security Agency and the Canadian Communication Security Establishment, the NCSC said the attacks were part of a global campaign by the group known as APT29 to steal the secrets of vaccine research.
NCSC director of operations Paul Chichester said: “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.
“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.
“We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.”
And Foreign Secretary Dominic Raab has condemned the activities of hackers targeting cyber attacks on organisations seeking to develop a coronavirus vaccine.
Mr Raab said: “It is completely unacceptable that the Russian intelligence services are targeting those working to combat the coronavirus pandemic.
“While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.
“The UK will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account.”
The UK is home to two of the leading research programmes to develop a vaccine based at Oxford University and Imperial College London.
The NCSC said that, together with the US and the Canadians, it had assessed that APT29 – also known as the Dukes or Cozy Bear – was “almost certainly” operating as part of the Russian intelligence services.
It said the group’s campaign of “malicious activity” was aimed predominantly at government, diplomatic, think-tank, healthcare and energy targets in an attempt to steal valuable intellectual property.
The NCSC has previously warned that APT (standing for advanced persistent threat) groups have been targeting organisations involved in both national and international Covid-19 research.
APT29 is said to use a variety of tools and techniques, including spear-phishing and custom malware known as “WellMess” and “WellMail”.
