Hackers backed by the Russian state are trying to steal COVID-19 vaccine and treatment research from academic and pharmaceutical institutions around the world, Britain's National Cyber Security Centre (NCSC) said on Thursday.
A co-ordinated statement from Britain, the United States and Canada attributed the attacks to group APT29, also known as Cozy Bear, which they said was almost certainly operating as part of Russian intelligence services.
"We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic," said NCSC Director of Operations Paul Chichester.
Cybersecurity researchers said an APT29 hacking tool was used against clients located in United States, Japan, China and Africa over the last year.
Russian news agency RIA cited spokesman Dmitry Peskov as saying the Kremlin rejected London's allegations, which he said were not backed by proper evidence.
In a separate announcement Britain also accused "Russian actors" of trying to interfere in its 2019 election by trying to spread leaked documents online. Russia's foreign ministry said those accusations were "foggy and contradictory".
Britain is expected to publish a long-delayed report into Russian influence in British politics next week.
"SELFISH INTERESTS"
British foreign minister Dominic Raab said it was "completely unacceptable" for Russian intelligence services to target work on the pandemic.
"While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health," he said in a statement. He said Britain would work with allies to hold perpetrators to account.
The NCSC said the group's attacks were continuing and used a variety of tools and techniques, including spear-phishing and custom malware.
"APT29 is likely to continue to target organisations involved in COVID-19 vaccine research and development, as they seek to answer additional intelligence questions relating to the pandemic," the NCSC statement said.
The U.S. Department of Homeland Security and U.S. Cyber Command also released technical information on Thursday about three hacking tools being deployed by the Russian hackers, codenamed WELLMAIL, SOREFANG and WELLMESS.
Private sector cybersecurity researchers who had spotted the WELLMESS malware over the last year were unaware of its Russian origins until Thursday.
In several cases, WELLMESS was found within U.S. pharmaceutical companies, said three investigators familiar with the matter, who spoke on condition of anonymity to discuss confidential information. The tool allowed the hackers to stealthily gain remote access to secure computers. They declined to name the victims.
Britain and the United States said in May that networks of hackers were targeting national and international organisations responding to the pandemic. But such attacks have not previously been explicitly connected to the Russian state.
Reuters
Fri Jul 17 2020
Cybersecurity researchers said an APT29 hacking tool was used against clients located in United States, Japan, China and Africa over the last year - Filepic
What happened in Philippine drug war that led to Duterte's arrest?
Here are some facts about the drug war during Duterte's presidency from 2016 to 2022.
Soccer - Manchester United plans to build 'world's greatest stadium'
Manchester United plans to build a new 100,000-seat stadium next to the existing Old Trafford, the club announces.
Meta begins testing its first in-house AI training chip
Meta is working with Taiwan-based chip manufacturer TSMC to produce the chip, according to sources.
Russia says it wants united and 'friendly' Syria
Russia has two strategically important military bases in Syria, which it is hoping to retain in the wake of Assad's fall.
Musk says juggling DOGE and CEO jobs is difficult, as Tesla shares slump
Elon Musk says he is running his businesses "with great difficulty" while working with the Trump administration.
Philippine ex-leader Duterte long defiant on deadly drug war
Before becoming president, Rodrigo Duterte earned the nicknames "The Punisher" and "Duterte Harry" for his violent anti-drug crackdown.
Ismail Sabri probe: 36 witnesses finish giving statements to MACC, 23 others to be summoned
A MACC source said 23 other witnesses have also been identified and would be summoned to give their statements soon.
Westin Hotels marks World Sleep Day with wellness-focused offerings
With a growing demand for sleep tourism and wellness travel, Westin aims to solidify its position as a leader in holistic hospitality.
Govt wants local experts to help improve national cyber security - PM's press secretary
Tunku Nashrul Abaidah says the government has high confidence in local expertise to face cybersecurity challenges.
Philippines' ex-President Duterte arrested at ICC's request over 'drugs war', government says
Rodrigo Duterte was arrested upon his arrival at a Manila airport and the ex-leader is now in custody, the office of the president said.
![[COLUMNIST] Lighting up lives: How solar power is transforming Orang Asal villages in Sabah](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2025-03/81741682061_tbOrangAslisolar.jpg "[COLUMNIST] Lighting up lives: How solar power is transforming Orang Asal villages in Sabah")
[COLUMNIST] Lighting up lives: How solar power is transforming Orang Asal villages in Sabah
For years, families in these villages relied on diesel generators, but the high cost of fuel and maintenance meant electricity was a luxury.
Court postpones verdict in Aliff Syukri obscene content case to March 14
Datuk Seri Aliff Syukri Kamarzaman faces four charges of uploading obscene content on his Instagram account in 2022.
Trump says he will buy a 'new Tesla' to show support for Musk
Tesla's market capitalisation has more than halved since hitting an all-time high of $1.5 trillion on December 17.
Tanker hired by US military ablaze off UK after hit by container ship
The ship is carrying 15 containers of sodium cyanide, a toxic chemical used mainly in gold mining, and an unknown quantity of alcohol.
Failure to pay PTPTN loan: UMNO Youth supports proposal to ban borrowers from overseas travel
UMNO Youth chief says the borrowers involved must be responsible in settling their debts with PTPTN for the sake of future generations.
Pope Francis no longer faces immediate danger, responding to treatment, Vatican says
The Vatican says pope's doctors decided to lift an earlier "guarded" prognosis, meaning the pontiff was no longer in immediate danger.
AI Revolution: Will Malaysia’s workforce sink or swim?
AI is no longer a distant concept, it is actively transforming industries, reshaping job markets, and redefining the skills needed.
Dalai Lama says his successor to be born outside China
Beijing insists it will choose his successor, but the Dalai Lama says any successor named by China would not be respected.
US judge says Musk's DOGE must release records on operations run in 'secrecy'
The ruling, the first of its kind, marks an early victory for advocates pushing DOGE to be more transparent about its role in mass firings.
How to Get to Merdeka 118: Your Complete Guide
Heres everything you need to know about getting there efficiently.