Russian spies are targeting organizations in the UK, the US, and Canada trying to develop a coronavirus vaccine, security services have warned.
An advisory published by UK's National Cyber Security Center (NCSC) details the activity of the Russian hacking group named APT29, which also goes by the name "the Dukes" or "Cozy Bear."
NCSC explicitly calls for efforts to target vaccine research and development organizations in the United States, the UK, and Canada. They added said the hackers "almost definitely" were "part of Russian intelligence."
"APT29's campaign of malicious activity is ongoing, predominantly against government, diplomatic, think tank, healthcare and energy targets to steal valuable intellectual property," NCSC's statement wrote.
This didn't indicate which entities were attacked or whether any information was stolen. Yet it said the hackers had not impeded vaccine studies.
'Russia has nothing to do' with hacking attempts
Russia vehemently denied the "groundless" allegations, with President Vladimir Putin 's spokesman saying that adequate evidence did not support the charges.
Kremlin spokesperson Dmitry Peskov said that Russia "had nothing to do" with the hacking attacks targeting organizations involved in creating coronavirus vaccines.
"We don't have information about who may have hacked pharmaceutical companies and research centers in Britain," the Russian official said.
The advisory comes as the number of coronavirus cases continues to rise in the US as researchers race to develop a vaccine.
Such information is highly regarded
The statement did not say that Russian President Vladimir Putin knew about the hacking of vaccine studies. Still, British officials claim that such information is highly regarded.
The American, British, and Canadian governments said Cozy Bear recently used weak spots in computer networks to get a foothold. If companies do not immediately fix a vulnerability found by a software vendor, they can be exposed to attacks from their networks.
The British Cybersecurity Center operations officer, Paul Chichester, urged the organizations to familiarize themselves with the recommendations that they have released to protect their networks.
Western countries accused Cozy Bear of using custom malicious software to target several worldwide organizations. The malware, named WellMess and WellMail, had not been affiliated with the hacking community previously, the advisory said.
The advisory claimed that the group conducted basic vulnerability scanning against specific external IP addresses owned by the organizations. "The group then deployed public exploits against the vulnerable services identified," the advisory added.
In April, the US Department of Homeland Security reported that cybercriminals and other organizations targeted COVID-19 study. They added that the increase of people teleworking due to the pandemic had generated new avenues for hackers to exploit.
Vulnerable targets include healthcare facilities, pharmaceutical firms, universities, medical research organizations, and local authorities, security officials said.
These organizations' global scope and external supply chains also make them vulnerable. Hence, the US National Security Agency for Cybersecurity and Infrastructure said a warning that was released in collaboration with its British counterparts.
"The National Security Agency (NSA), along with our partners, remains steadfast in its commitment to protecting national security by collectively issuing this critical cybersecurity advisory as foreign actors continue to take advantage of the ongoing COVID-19 pandemic," NSA Cybersecurity Director Anne Neuberger said.