How Russian hackers tried to breach UK coronavirus vaccine research

Russian hackers have targeted coronavirus vaccine research, a UK security agency has warned. Credit: PA

The National Cyber Security Centre (NCSC) has warned that hackers linked to the Russian intelligence services are targeting UK researchers working on a coronavirus vaccine.

The warning has been issued by the UK’s cyber security agency alongside its US and Canadian counterparts.

What happened?

The UK’s cyber security agency, the NCSC, has revealed Russian cyber criminals have targeted UK academic and healthcare organisations with the aim of stealing information relating to the development of a Covid-19 vaccine.

The NCSC - working with counterparts in the US and Canada - identified the attackers as a hacking group known to security researchers as APT29.

The group is also known as The Dukes or Cozy Bear - the NCSC says the attackers are "almost certainly" working as part of the Russian intelligence services.

How were the attacks carried out?

The cyber criminals attempted to break into a number of UK, US and Canadian vaccine research and development organisations using a range of cyber attack tools.

Their methods included phishing scams and custom malware known as "WellMess" and "WellMail".

The agency said the hackers used publicly known software vulnerabilities to try to gain "initial footholds" in systems.

The aim was to collect data - such as login credentials - which could be useful later on in order to gain further access.

The NCSC said the APT29 group had specifically targeted IP addresses owned by organisations working on a coronavirus vaccine and scanned them for vulnerabilities - attempting to use known flaws to try to gain access.

The NCSC added that it wanted to reassure the public that the UK was protected and defended against the attacks, though it says the attacks remain ongoing.

Vials of the Oxford coronavirus vaccine Credit: Sean Elias/PA

Why were the attacks carried out?

The cyber security agencies say they believe the aim of the attacks was to steal information about vaccine development - rather than trying to disrupt the UK and other countries' own efforts to make a vaccine.

In May, the NCSC issued an advisory warning that it had seen an increased proportion of cyber attacks related to coronavirus.

The agency warned the hackers were looking to "steal sensitive research data and intellectual property for commercial and state benefit".

Who has been targeted?

Although the agencies would not specify any organisations that had been targeted, they said the hackers had been targeting those involved in "both national and international Covid-19 responses".

The NCSC said the campaign of malicious activity had been predominantly aimed at "government, diplomatic, think tank and energy targets".

The University of Oxford, which is one of the global leaders in research for a potential vaccine for Covid-19, has previously confirmed it was taking advice from security experts on the issue of cyber attacks linked to coronavirus data.

A spokesperson for Imperial College London - where a team is also working on developing a vaccine - said "appropriate security measures" are in place, adding:

"We have benefited from government advice, including from the National Cyber Security Centre, to provide extra protection around our Covid-19 vaccine work."

Scientists at the University of Oxford said a vaccine could be available for use by the general public by September.

What else is the NCSC doing?

The agency has urged businesses to protect their devices and networks by keeping their software up to date.

In a list of mitigations published alongside the announcement of the cyber attacks, the NCSC also urged people to use two-step, or multi-factor, authentication to help reduce the chance of password compromises.

It also urged businesses to "treat people as the first line of defence", tell staff how to report suspicious emails, and ensure reports are always investigated.