instagram envelope_alt facebook twitter search youtube_play whatsapp remove external_link loop2 arrow-down2

Russia’s Cozy Bear ‘is campaigning to hack into secret coronavirus vaccine files’

Report due on
Monday: Prof
Sarah Gilbert

HACKERS operating under the orders of Russian president Vladimir Putin have been trying to steal coronavirus vaccine data with ‘reckless’ cyber attacks on British laboratories, the government has revealed.

Investigators have identified a group named Cozy Bear which ‘almost certainly operates as part of the Russian intelligence services’, according to the National Cyber Security Centre (NCSC). Sources warned last month that Oxford University scientists at the cutting edge of vaccine research were being targeted. But yesterday’s revelation directly blames the Russian government for the first time.

‘The attacks which are taking place against scientists and others doing vital work to combat coronavirus are despicable,’ a No.10 spokesman said.

‘Working with our allies, we will call out those who seek to do us harm in cyber space and hold them to account.’

The Kremlin’s spies work on the direct orders of Mr Putin, a former KGB officer. The report does not name him but intelligence sources insisted that the work would not be carried out against his wishes.

Former British ambassador to Russia Sir Tony Brenton said the reported hacking was the latest episode in a line of technological espionage going back to the Cold War.

‘There is a certain tradition of the Russians when they have an acute national problem — as they have with coronavirus — to use their secret apparatus to help with it,’ he said.

Cozy Bear — officially known as APT29 — has an ‘ongoing campaign of malicious activity (to) steal valuable intellectual property’, according to the NCSC.

‘In recent attacks targeting Covid-19 vaccine research and development, the group conducted basic vulnerability scanning against specific external IP addresses owned by the organisations,’ it added.

A team under Prof Sarah Gilbert at the University of Oxford is due to report on Monday on a vaccine that generates both antibodies and T-cells to attack the virus.

Researchers have said they are ‘80 per cent’ confident the vaccine can be ready by September, and the government has already pre-ordered millions of doses from manufacturer AstraZeneca.

Healthcare organisations and their employees have been urged to update passwords and not to open suspicious email links. ‘They (Cozy Bear) have been using known vulnerabilities in routers and firewalls but also putting malware on machines using the age-old technique of sending a scam email,’ said Prof Alan Woodward, of the University of Surrey.

‘I think they want to steal whatever advances people have made and leapfrog with their own research.

‘But the real danger with these techniques is that you disrupt the search for a vaccine. That could be the unintended consequence.’

The NCSC report — produced in conjunction with the US National Security Agency and Canada’s Communications Security Establishment — said virus researchers had also been targeted in North America.

‘In cyber-space, attribution is difficult but not impossible,’ said Emily Taylor, of the Chatham House think-tank.

‘Usually, the security services are much more hedgy in their language if they think there is any doubt. (But) Cozy Bear has been implicated in past cyber attacks and has left quite a trail.’

Mr Putin’s spokesman, Dmitry Peskov, said Russia had ‘nothing to do’ with attempts to hack into vaccine data bases.