August 3, 2020 (updated 31 Jul 2020 3:32pm)

Covid-19 pandemic: Russian hackers target UK, US and Canadian research

Security services in the UK, US and Canada have determined that the Russian cyber hacking group – APT29 – has been trying to illicitly access Covid-19 research. But what makes Covid-19 research, and medical data in general, a target for state-sponsored espionage groups?

By Allie Nawrat

In mid-July, the UK’s National Cyber Security Centre (NCSC) published a report stating that the cyber espionage group, APT29, which is “almost certainly part of the Russian intelligence services”, has been attacking organisations based in the UK, US and Canada that are involved in developing Covid-19 vaccines.


This assessment was supported by the Canadian Communication Security Establishment, as well as the US Department for Homeland Security’s Cybersecurity Infrastructure Security Agency and the National Security Agency.

Naming APT29 as the perpetrator expands upon a previous announcement made by the NCSC in May that “advanced persistent threat (APT) groups were looking to exploit the uncertainty that surrounds the Covid-19 crisis”, explains SonicWALL CEO and advisor to GCHQ Bill Conner.

Russian authorities have vehemently denied these allegations and have asked for evidence to back up these claims by the US, UK and Canadian authorities.

Details of the APT29 attack

APT29 – also known as ‘The Dukes’ or ‘Cozy Bear’ – used a variety of tools to target a range of organisations with the suspected intention of stealing information and intellectual property associated with investigational Covid-19 vaccines, according to the NCSC report.

The NCSC claimed that APT29 used publicly available tools to scan and exploit vulnerable systems in order to obtain credentials that enable deeper access.

The main approach used is custom malware known as WellMess and WellMail. The NCSC explains that WellMess has been in use since at least 2018; it is a “lightweight malware designed to execute arbitrary shell commands, upload and download files”. WellMail is similarly a lightweight malware, but it runs commands or scripts so that the results are sent to a “hardcoded Command and Control (C2) server”.

Conner explains that although it is difficult to directly identify the source of a cyberattack, “the complexity behind the malware targeting these research institutions would be telling of a state-sponsored attack”. APT29 has been previously linked with the Russian security service.

Why target Covid-19 research?

The Covid-19 pandemic has caused unprecedented disruption to society and national economies, so it is not surprising that it would be the target of cyberattacks, particularly from state actors. Being the first to secure a Covid-19 vaccine is likely to bring significant advantages on the global stage.

“It is important to view the coronavirus vaccine as a critical piece of intellectual property,” notes Conner. “It is sought after by every major geopolitical player globally and, therefore, is a central target for nation-state actors vying for dominance.”

There is much for cybercriminals to gain from fraudulently gaining access to Covid-19 vaccine research. “Acquiring vaccines and therapeutics could potentially provide a country with short-term economic benefits as they begin to sell the illegally obtained technology,” says Conner. “It could also provide them with long-term economic benefits, giving them a research edge that could catapult them ahead of other countries striving to achieve dominance as a distributor during a global pandemic.”

“While Russia was the first country to be placed in the spotlight, it is only a matter of time before another nation-state resorts again to cybercrime to influence or control global healthcare during a time of great need,” concludes Conner.

Mandiant Threat Intelligence senior director of intelligence analysis John Hultquist told Verdict that actors from other countries – including Iran and China – are already involved in Covid-19 cyberattacks.

Beyond the pandemic: medical data as a target

Although the pandemic provides a clear geopolitical motive for cyberattacks on medical and research organisations, these organisations have been vulnerable to attacks for many years. In fact, there is evidence that suggests the number of attacks on medical and healthcare organisations is actually increasing.

Conner provides the example of the WannaCry attack on the UK’s National Health Service (NHS) in 2017-8. This was a global ransomware attack that targeted computers running Microsoft Windows. It affected up to 70,000 devices owned by around 200 NHS hospitals in England and Scotland; it is estimated this attack cost the NHS £92m, according to a government report.

Central to why medical organisations are targets of attacks, and are likely to be increasingly so in the future, is the data they have access to. “The data housed on these systems is very valuable and important in preventing diseases and advancing countries’ medical development,” explains Conner. Healthcare data is extremely lucrative on the black market.
