Hackers linked to Russia’s state intelligence agencies are attempting to steal secret research on coronavirus vaccines from UK labs, the National Cyber Security Centre has said.

In a co-ordinated announcement with security agencies in the US and Canada, the NCSC pointed the finger at an established hacker group known as APT29, Cozy Bear or The Dukes.

And for the first time since the shady group’s existence became known, the allied agencies said that APT29 is “almost certainly” operating as part of Russian intelligence services.

Download the new Independent Premium app

Sharing the full story, not just the headlines

It is believed that vaccine research facilities at Oxford University and Imperial College London are among institutions targeted by the hackers, who are thought to operate by exploiting weaknesses in VPN and external mail services used by researchers.

The attacks form part of a pattern which has seen both state and criminal organisations shift cyber activity to target potentially valuable intellectual property relating to vaccines and treatments for Covid-19 during the pandemic.

NCSC director of operations Paul Chichester said: “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.

“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.

“We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.”

Known targets of APT29 include UK, US and Canadian vaccine research and development organisations.

The group uses a variety of tools and techniques, including spear-phishing and custom malware known as “WellMess” and “WellMail”.

More follows…

Please be respectful when making a comment and adhere to our Community Guidelines.

You can find our Community Guidelines in full here.

Please be respectful when making a comment and adhere to our Community Guidelines.

You can find our Community Guidelines in full here.