Bad news — Cozy Bear is back, but this time the Russian intel hacking group hasn’t targeted the US election. The governments of the US, United Kingdom, and Canada issued a joint statement accusing Moscow of targeting COVID-19 research, apparently attempting to steal the formula for any new vaccine under development. Advisories have been issued to strengthen security around those efforts, and the message to Vladimir Putin seems clear — back off:
Big: US, UK and Canada jointly announce that cyber actors, most likely from Russia’s intelligence services are targeting orgs with “intention of stealing info …relating to the development and testing of COVID-19 vaccines.” pic.twitter.com/D7OAPpuIxP
— Hadas Gold (@Hadas_Gold) July 16, 2020
Russian cyber actors are targeting organizations involved in coronavirus vaccine development, according to a new warning by US, UK and Canadian security officials on Thursday that details activity by a Russian hacking group called APT29, which also goes by the name “the Dukes” or “Cozy Bear.” …
The US, UK and Canadian authorities have issued several warnings about state-backed cyberattacks in recent months.
In May, the three countries issued an advisory warning of ongoing cyberattacks against organizations involved in the coronavirus response, including health care bodies, pharmaceutical companies, academics, medical research organizations and local government.
Hospitals, research laboratories, health care providers and pharmaceutical companies have all been hit, officials say, and the US Department of Health and Human Services — which oversees the Centers for Disease Control and Prevention — has been struck by a surge of daily strikes, an official with direct knowledge of the attacks previously told CNN.
The NCSC, which is the UK’s lead technical authority on cyber security and part of the UK’s Government Communications Headquarters (GCHQ), assessed that APT29 “almost certainly operate as part of Russian Intelligence Services”.
The good news, relatively speaking, is that Russia apparently hasn’t attempted any sabotage. This looks like the kind of technological raid that the KGB carried out for decades during the Cold War, and which China routinely does now. No one knows how much the Russian hackers have stolen, if anything at all yet, but officials do note that the hackers haven’t been interested in personnel data:
The persistent and ongoing attacks are seen by intelligence officials as an effort to steal intellectual property, rather than to disrupt research. …
It was unclear whether any information actually was stolen but the National Cybersecurity Centre says individuals’ confidential information is not believed to have been compromised.
Speaking of China, the US accused them separately last week of disruptive hacks on the same organizations:
U.S. authorities have for months leveled similar accusations against China. FBI Director Chris Wray said last week, “At this very moment, China is working to compromise American health care organizations, pharmaceutical companies, and academic institutions conducting essential COVID-19 research.”
To some extent, this makes sense — perhaps a lot more sense than another Merry Prankster effort in an American election. That ended up backfiring on Putin, forcing the US to take a very hard line against Russia for the last three years, for no particular potential benefit except Putin’s ego and personal amusement. This at least relates to a real national interest for Russia, especially since it apparently doesn’t have the horsepower to do this work on its own. That’s a pretty damning indictment of Putin’s leadership all on its own; at least Russia had communism as an excuse for its need to steal technology as a consequence of their inability to produce it for themselves. Putin’s version of oligarchy turns out to be almost as bad in a pinch.
It all seems needlessly provocative, if true, especially given the stakes involved. Canada and the UK would certainly be open for international cooperation on vaccine development, even if the US under Donald Trump would prefer a more national approach. Working aboveboard might have gotten Putin farther than another clumsy Cozy Bear operation. Now, however, Putin might have put up even more barriers between his country and others that would have preferred a friendlier relationship all along. You can take the colonel out of the KGB but you can’t take the KGB out of the colonel, it seems.
Addendum: For a fascinating look at the KGB’s technology-theft efforts, I highly recommend Farewell: The Greatest Spy Story of the Twentieth Century by Sergei Kostin. It tells the story of how French intelligence ran a mole at the top level of the KGB’s program, and how it informed Ronald Reagan’s Cold War strategy. Perhaps one day Hollywood will make a major film out of it, but … I won’t hold my breath.