Coronavirus: Russian cyber spies attempting to steal vaccine research from Britain, US and Canada
16 July 2020, 13:00 | Updated: 17 July 2020, 07:57
Russian cyber spies are trying to steal research into coronavirus vaccines and treatments from Britain, the US and Canada, the three countries claimed on Thursday.
The attack is ongoing, with British cyber experts working to defend research institutes, laboratories and other targets in the UK, according to a branch of the spy agency GCHQ.
Organisations in other countries involved in the fight against COVID-19 are also allegedly being targeted.
It came as:
- The government, in a separate development, revealed it had found Russian groups sought to interfere in last year's general election through the promotion of leaked documents on a potential US-UK trade deal;
- Members of parliament's Intelligence and Security Committee agreed to publish a long-awaited report into alleged Russian interference in UK politics within the next week.
The National Cyber Security Centre (NCSC) accused a group called APT29 - also known as "the Dukes" or "Cozy Bear" - for the attacks on coronavirus research facilities and said it "almost certainly operates as part of Russian intelligence services".
The NCSC are understood to believe that awareness of the activities extends to the highest levels of the Russian state.
APT stands for advanced persistent threats.
The NCSC, which has taken the lead on the Russian attribution, said this assessment is supported by its US and Canadian counterparts.
"We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic," Paul Chichester, the NCSC's director of operations, said in a statement.
"Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.
"We would urge organisations to familiarise themselves with the advice we have published to help defend their networks."
The NCSC, which is the lead organisation in responding to cyber attacks on the UK, released an advisory that set out details of how the Russian cyber spies are allegedly attempting to steal highly valuable research into treatments and vaccines for COVID-19.
Such information is regarded by all countries as an intelligence priority given the need to combat the pandemic.
The UK and the US warned in May that state-backed cyber attackers are trying to steal data from universities, pharmaceuticals and research institutes involved in the coronavirus response.
On that occasion, a joint advisory published did not name any specific country involved in the "malicious cyber campaigns", but culprits are understood to include hacking groups from China, Russia and Iran, as well as others.
Russia has always denied allegations of cyber attacks.
This time around, the NCSC accused Russian cyber spies of using a variety of different techniques to access information, including spear phishing and custom malware known as "WellMess" and "WellMail".
:: Listen to the All Out Politics podcast on Apple Podcasts, Google Podcasts, Spotify, Spreaker
Security minister James Brokenshire described how APT29 had "got into certain networks and is effectively surveilling them to look at what is there".
But he told Sky News there was "no evidence or information of any damage or any sort of harm".
"That still is completely unacceptable for Russian intelligence officers to be acting in this fashion," he added.
Prime Minister Boris Johnson's official spokesman said: "The attacks which are taking place against scientists and others doing vital work to combat coronavirus are despicable.
"Working with our allies, we will call out those who seek to do us harm in cyber space and hold them to account."
But Leonid Slutsky, head of the international affairs committee in the lower house of the Russian parliament, branded the "unfounded" claims as "another manifestation of Russophobia".
He told Sky News: "Again, some speculation without any evidence. Unfortunately, this is another example of the politicisation of the pandemic.
"In Russia, its own trials of a vaccine against COVID-19 are quite successful, we have a strong virology, so there was no reason to steal 'secrets'."
Just hours earlier on Thursday, in a separate development, the UK government revealed Russian groups sought to interfere in last year's general election through the promotion of leaked documents on a potential US-UK trade deal.
In a written statement to parliament, Foreign Secretary Dominic Raab revealed there is an ongoing criminal investigation into the issue.
He vowed the UK would "continue to call out and respond to malign activity, including any attempts to interfere in our democratic processes" and suggested the government could "respond with appropriate measures in the future".
Leaked documents on a potential US-UK trade deal became a major debating point in last year's general election campaign.
Then Labour leader Jeremy Corbyn used the official papers as evidence the NHS would be "on the table" in talks on a post-Brexit trade deal with America.
The documents were found on website Reddit, which said at the time it believed the leak was "part of a campaign that has been reported as originating from Russia".
Labour did not, at the time, comment on how it obtained the leaked documents and Mr Corbyn did not comment when approached by reporters on Thursday.
He later put out a statement saying the files he revealed were "genuine".
"Today's government claim is an attempt to divert attention from the threat to the NHS and the Tory Party links to Russian oligarchs expected to be revealed in the long-buried parliamentary Russia report," he added.
A Labour Party spokesperson said: "We condemn any attempt by Russia, or any foreign power, to interfere in our country's democratic processes.
"Labour stands ready to work cross-party to protect our nation's security.
"That includes in our response to the publication of the long-awaited report by the Intelligence Security Committee on the Russian threat to the UK."
Mr Raab, asked by a journalist if he thought Labour did anything wrong or if there was any evidence of wrongdoing by the party, said: "I think that's for Labour to answer, both Jeremy Corbyn and Sir Keir Starmer."
He added "we're not entirely sure" why hackers had targeted the coronavirus vaccine research but "it's pretty egregious behaviour and it should be called out in the way we're doing today".
:: Listen to the Daily podcast on Apple Podcasts, Google Podcasts, Spotify, Spreaker
Earlier in his statement on Thursday, Mr Raab said: "On the basis of extensive analysis, the government has concluded that it is almost certain that Russian actors sought to interfere in the 2019 general election through the online amplification of illicitly acquired and leaked government documents.
"Sensitive government documents relating to the UK-US Free Trade Agreement were illicitly acquired before the 2019 general election and disseminated online via the social media platform Reddit.
"When these gained no traction, further attempts were made to promote the illicitly acquired material online in the run-up to the general election.
"Whilst there is no evidence of a broad spectrum Russian campaign against the general election, any attempt to interfere in our democratic processes is completely unacceptable.
"It is, and will always be, an absolute priority to protect our democracy and elections."
The developments come ahead of the publication of a long-awaited report into alleged Russian interference in UK politics, which will be released by parliament's Intelligence and Security Committee within the next week.
The prime minister's spokesman said it was "nonsense" to suggest the NCSC accusations and Mr Raab's statement on election interference were designed to deflect from the possible findings of the upcoming ISC report.
Former ISC chair Dominic Grieve told Sky News: "It's not the first time, in the immediate run-up to the announced publication of an Intelligence and Security Committee report, that the government has itself put out information which appears, in a sense, to either pre-empt the report or - alternatively - show the government is conscious of the issues the report might reveal."