In an act Prime Minister Boris Johnson called despicable, a Russian group attacked databases to snatch developments to beat the virus. Cyber security experts believe they probably succeeded and one warned that the Kremlin-backed hackers will “keep on coming”. The attacks are thought to be part of a drive by Putin’s spies to ensure Russia could match the West in the hunt for a vaccine. The Government said other Russian “actors” meddled in last year’s general election by spreading leaked Whitehall documents on social media.
The hacking attempt on Britain, revealed by the National Cyber Security Centre, sparked a huge diplomatic row yesterday. Foreign Secretary Dominic Raab said: “It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic.
“While others pursue their selfish interests with reckless behaviour the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.
“The UK will continue to counter those conducting such cyber attacks and work with our allies to hold perpetrators to account.”
Mr Johnson’s spokesman said: “The attacks which are taking place against scientists and others doing vital work to combat coronavirus are despicable.
“Working with our allies, we will call out those who seek to do us harm in cyberspace and hold them to account.”
Pharmaceutical research organisations in the UK, US and Canada were targeted in the criminal operation, a report by the security centre said.
It said the group called APT29, also known as “the Dukes’ or “Cozy Bear”, almost certainly operate as part of the Russian Intelligence Services.
The centre accused APT29 of carrying out a campaign of “malicious activity” against Western governments, diplomats, think-tanks, healthcare organisations and energy firms to steal valuable intellectual property.
Centre director Paul Chichester said: “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic.
“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.
“We would urge organisations to familiarise themselves with the advice we have published to help defend their networks.”
APT29, which stands for Advanced Persistent Threats, uses a variety of hacking techniques including spear-phishing – sending emails from a known or trusted sender to induce people to reveal confidential information.
Custom-made malware known as WellMess and WellMail allows hackers to run remote commands once they are installed on a compromised system. The security centre report said: “Throughout 2020 APT29 has targeted various organisations involved in Covid-19 vaccine development in Canada, the US and the UK, highly likely with the intention of stealing information and intellectual property relating to the development and testing of Covid-19 vaccines.
“APT29 is likely to continue to target organisations involved in Covid-19 vaccine research and development as they seek to answer additional intelligence questions relating to the pandemic.” Experts have been tracking APT29 for many years but yesterday was the first time officials linked it publicly to Russian intelligence. Russia denied the snooping claims.
Kremlin spokesman Dmitry Peskov said yesterday his country “had nothing to do” with the hacking and the claims were not backed by “proper evidence”.
Relations between London and the Kremlin are already at a low ebb after the Salisbury attack two years ago, aimed at killing double agent Sergei Skripal with Sovietera nerve agent Novichok. Russia is currently battling one of the world’s worst coronavirus outbreaks, notching up 752,797 cases, the fourth highest globally.
Dr Duncan Hodges, senior lecturer in cyberspace operations at Cranfield University, Beds, said: “I’d be incredibly surprised if Russia hadn’t had some success in these attacks.
“The reason they keep on using these tools and techniques is because they are incredibly successful in carrying them out.
“At a time when people’s attention is rightly focused on developing a life-saving vaccine, cyber security tends to take a lower priority for individuals, who overlook their basic security practices.
“This increase in vulnerability is what Russia thrives on to conduct its information operations.”
He warned: “As long as Russia keeps having success with these methods and continues to be unafraid of being caught these attacks will keep on coming.”
Shadow foreign secretary Lisa Nandy said: “The reported actions of the Russian Intelligence Services are wrong and should be condemned.” Ms Nandy urged the Government to release a longdelayed report by Parliament’s Intelligence and Security Committee into alleged Russian interference in UK politics, including the 2016 EU referendum.
The report is expected to be published next week.
It follows confirmation earlier this week of the new committee membership for the current parliamentary term.