COVID-19 vaccine researchers are working around the clock to advance promising candidates, but Russian hackers are simultaneously trying to swipe everything they’ve learned, officials from the U.S., U.K. and Canada said Thursday.
U.K.’s National Cyber Security Centre accused the hacker group APT29 in an advisory Thursday. The group, which also goes by the names “the Dukes” or “Cozy Bear,” is “almost certainly” part of Russian intelligence, NCSC says. Canadian and U.S. government agencies agreed with the analysis.
APT29 has targeted COVID-19 vaccine researchers in Canada, the U.S. and U.K., “highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines,” the analysis says.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” NCSC director of operations Paul Chichester said in a statement.
The group is using malware called “WellMess” and “WellMail” to target groups worldwide, NCSC says, including COVID-19 vaccine researchers. With COVID-19 vaccines being a key component to defeat COVID-19 and return economies to normal, the work is clearly a target for cyber criminals.
APT29 is likely to continue the attacks, NCSC says, so the agency recommended researchers closely follow “indicators of compromise” it detailed in the report.
Cybersecurity has been a growing concern for pharma companies in recent years, especially after New Jersey drug giant Merck’s cyberattack in June 2017. The attack “led to a disruption of its worldwide operations, including manufacturing, research and sales operations,” Merck said in its annual report the following year.
The company said it lost potential sales of $410 million in 2017 and 2018, and it had to pay other hack-related expenses of $285 million, according to the document. The company was last year battling with insurers over $1.3 billion in claims stemming from the attack, Bloomberg reported.