The UK National Cyber Security Centre (NCSC), with the support of the US National Security Agency and Canadian intelligence agencies, has warned that Russian hackers are trying to steal COVID-19 research data.
The Russian-speaking hacker group APT29 (aka Cozy Bear and the Dukes) has been conducting active phishing attacks against pharmaceutical companies, healthcare providers, research institutes and other organizations involved in developing vaccines against the coronavirus. According to the authorities, in 2020 organizations in the UK, USA and Canada became targets of attacks by this group, which allegedly operates under the auspices of the Russian government. There is currently no evidence that these campaigns were successful, but the NCSC says the attacks are still ongoing.
“We condemn these disgusting attacks against those who do vital work to combat the coronavirus pandemic,” said NCSC Executive Director Paul Chichester.
Let me remind you that Cozy Bear was extremely active from 2014 to 2017. At that time the hackers were accused of breaching the US Democratic National Committee ahead of the 2016 elections, as well as of numerous attacks on various government agencies in Europe and beyond. According to many information security experts, this group works with the FSB and was also involved in attacks on the White House e-mail system, the US State Department and the Joint Chiefs of Staff.
“Now APT29 is trying to deploy the custom malware families WellMess and WellMail, which can send commands to the infected target machines,” say NCSC researchers.
Neither malware family had previously been associated with APT29.
It is also reported that the group scans for vulnerabilities in Citrix (CVE-2019-19781), Pulse Secure (CVE-2019-11510) and Fortigate (CVE-2019-13379) products and then attacks them with publicly known exploits to get into the network and gain a foothold there. The NCSC writes that APT29 is “very skilled” at exploiting vulnerabilities.
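The practical defensive question raised by that paragraph is whether any of your own internet-facing appliances are still unpatched against the three CVEs the report names. The script below is an added example, not NCSC code or any vendor's tooling: it triages a constructed asset inventory against an advisory table and ranks the findings so that internet-facing, unpatched devices come first and devices whose version could not be read are not silently dropped. The CVE identifiers are the ones from the report; the `fixed_version` thresholds, product keys and hostnames are constructed placeholders and must be replaced with the vendors' actual advisory data and your own inventory.

```python
"""Patch-exposure triage for the edge appliances named in the NCSC report.

Added example (not the report's or any vendor's code). The three CVEs are
from the report; every version threshold and asset below is CONSTRUCTED
for illustration and must be replaced with real advisory and inventory data.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

Version = Tuple[int, ...]


@dataclass(frozen=True)
class Advisory:
    cve: str                 # identifier as given in the report
    product: str             # normalized product key used by the inventory
    fixed_version: Version   # PLACEHOLDER: versions >= this count as patched


@dataclass(frozen=True)
class Asset:
    hostname: str
    product: str
    version: Optional[str]   # None when the scanner could not read a version
    internet_facing: bool


@dataclass(frozen=True)
class Finding:
    hostname: str
    cve: str
    status: str              # "unpatched" or "unknown-version"
    internet_facing: bool


# CVEs named in the report. fixed_version values are constructed placeholders,
# NOT the vendors' real fixed builds; take those from the vendor advisories.
ADVISORIES = [
    Advisory("CVE-2019-19781", "citrix", (2, 0, 0)),        # placeholder threshold
    Advisory("CVE-2019-11510", "pulse-secure", (2, 0, 0)),  # placeholder threshold
    Advisory("CVE-2019-13379", "fortigate", (3, 5, 0)),     # placeholder threshold
]

# Constructed inventory: hostnames, versions and exposure are all made up.
SAMPLE_INVENTORY = [
    Asset("vpn-edge-1", "citrix", "1.5.0", True),
    Asset("vpn-edge-2", "citrix", "2.0", True),
    Asset("ssl-vpn-lab", "pulse-secure", None, False),
    Asset("fw-branch", "fortigate", "3.4", True),
    Asset("fw-core", "fortigate", "3.6.1", False),
]


def parse_version(text: str) -> Version:
    """Extract the numeric components of a version string, e.g. '13.0-47.24'."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def version_lt(a: Version, b: Version) -> bool:
    """Compare versions component-wise, padding the shorter one with zeros
    so that '2.0' is not mistaken for being older than '2.0.0'."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def triage(inventory: List[Asset], advisories: List[Advisory] = ADVISORIES) -> List[Finding]:
    """Return exposure findings, highest priority first."""
    by_product = {}
    for adv in advisories:
        by_product.setdefault(adv.product, []).append(adv)

    findings = []
    for asset in inventory:
        for adv in by_product.get(asset.product, []):
            if asset.version is None:
                status = "unknown-version"      # cannot prove it is patched
            elif version_lt(parse_version(asset.version), adv.fixed_version):
                status = "unpatched"
            else:
                continue                        # at or above the fixed version
            findings.append(Finding(asset.hostname, adv.cve, status, asset.internet_facing))

    # Internet-facing first, then confirmed-unpatched before unknown, then by name.
    findings.sort(key=lambda f: (not f.internet_facing, f.status != "unpatched", f.hostname))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        where = "internet-facing" if f.internet_facing else "internal"
        print(f"{f.hostname:12} {f.cve:15} {f.status:16} {where}")
```

With the constructed data this reports `fw-branch` and `vpn-edge-1` as internet-facing and unpatched, and `ssl-vpn-lab` as unknown-version; `vpn-edge-2` (version 2.0 against a 2.0.0 threshold) and `fw-core` are treated as patched. Keeping unknown-version devices in the output is deliberate: an appliance the scanner cannot fingerprint is exactly the one most likely to have been forgotten.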
Let me remind you that another group of Russian hackers with a “bear” in its name attacked anti-doping organizations last year. Russian state cybercriminals seem to be a little obsessed with pharmacology.
Experts called on companies and organizations to better protect their devices and networks, not to neglect training employees to recognize phishing attacks, and to familiarize themselves with the security recommendations attached to the advisory. It should be remembered that this is not the first attack on institutions involved in the fight against COVID-19.