Canada, U.K., U.S. denounce Russian hackers for targeting COVID-19 vaccine data

OTTAWA — Canada, Britain and the United States denounced Russian hackers on Thursday for trying to steal research on COVID-19 vaccines from organizations in all three countries and around the world.

Thursday’s joint declaration, led by Britain, said the hackers were almost certainly working for Russian intelligence and accused them of disrupting the global efforts to find a vaccine for the novel coronavirus.

The revelation pulled back the veil on the ongoing collaboration between scientists and spies to guard against threats to the development of a vaccine to end a global pandemic that has infected 10 million people and killed 500,000.

Canada’s Communications Security Establishment said the malicious cyberactivities were very likely undertaken to pilfer information and intellectual property relating to the development and testing of vaccines.

Public Safety Minister Bill Blair said it isn’t just Russia that poses a threat, and that the CSE and the Canadian Security Intelligence Service are committed to protecting Canadian researchers from all international enemies.

Blair said it was “not just the Russians targeting it but other foreign actors as well.”

The CSE and its British and American partners said the activity is hindering response efforts when health-care experts and medical researchers need every available resource to help fight the pandemic.

The assessment was supported by Britain’s Government Communications Headquarters’ National Cyber Security Centre, the U.S. National Security Agency, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

The Canadian government would not say what if any diplomatic action had been taken against Russia.

Nor did the joint assessment specifically say whether the hackers had been successful, but Canadian vaccine-makers were following the advice of the intelligence agencies and taking precautions.

The CSE’s Centre for Cyber Security assessed that a group labelled APT29, also known as “the Dukes” or “Cozy Bear,” was responsible, and almost certainly operates as part of Russian intelligence services.

Washington has previously identified “Cozy Bear” as one of two Russian government-linked hacking groups that broke into the Democratic National Committee computer network and stole emails ahead of the 2016 presidential election.

“The group uses a variety of tools and techniques to predominantly target governmental, diplomatic, think-tank, health-care and energy targets for intelligence gain,” said the joint advisory from the CSE and its allies.

“APT29 is likely to continue to target organizations involved in COVID-19 vaccine research and development, as they seek to answer additional intelligence questions relating to the pandemic.”

David Reed, Britain’s deputy high commissioner to Canada, said any discussion of whether the Russians succeeded in stealing anything had to remain an operational secret.

He added in an interview: “There’s no evidence this is going to cause a delay to the discovery of a vaccine, but it’s clearly reckless behaviour.”

Russian President Vladimir Putin’s spokesman, Dmitry Peskov, rejected the accusations.

“We don’t have information about who may have hacked pharmaceutical companies and research centres in Britain,” Peskov said, according to the state news agency Tass.

“We may say one thing: Russia has nothing to do with those attempts.”

Reed flatly rejected the Russian denial.

“We have the highest degree of confidence that this action by APT29 is linked to the Russian intelligence service. It’s a despicable attack against those doing vital work to combat the coronavirus pandemic,” he said.

“We’ve called the Russians to account previously, and this is another example of that.”

Britain’s relations with Russia plummeted after former Russian spy Sergei Skripal and his daughter were poisoned with a Soviet-made nerve agent in the English city of Salisbury in 2018. Britain blamed Moscow for the attack, which triggered a round of retaliatory diplomatic expulsions.

Canada expelled several Russian diplomats as part of the West’s co-ordinated response to the Salisbury poisoning.

The CSE urged Canadian health organizations to review the advisory on the threat and to take any necessary actions to protect themselves.

David Vigneault, the director of CSIS, said the domestic spy agency has been sharing its intelligence “very openly” with Canadian companies for months to protect them as they try to develop a vaccine.

On Thursday, CSIS held a webinar with the Canadian Chamber of Commerce and has reached out to 150 biopharma companies “to provide them information about the threat they face. And also about potential measures they can take to protect their intellectual property in this heightened threat environment.”

Brad Sorenson, the chief executive officer of Toronto-based Providence Therapeutics, said his company became aware of a hacking threat about one month ago, and hired a private security firm.

“We’ve identified one attempt which they thwarted. I won’t say ‘we’; we’re not the cybersecurity guru,” said Sorenson.

Sorenson said his company’s ongoing work to develop a vaccine has been unimpeded, but dealing with cyber threats while coping with the obstacles associated with the pandemic is challenging.

“It’s another distraction while you’re trying to do other important work and trying to co-ordinate with the government.”

Another Canadian company, Medicago, said it was aware of cyberattacks targeting the networks of organizations working on COVID-19 vaccine development.

“We take this threat seriously. Medicago has a strong cybersecurity infrastructure in place, and we continue to be in contact with authorities to further secure our network and infrastructure,” a company spokesman said in a statement.

The joint advisory said APT29 targeted COVID-19 vaccine research and development by scanning specific computer IP addresses of interest for vulnerabilities, a tactic that can help the group obtain login credentials to systems.

“This broad targeting potentially gives the group access to a large number of systems globally, many of which are unlikely to be of immediate intelligence value,” the advisory says.

“The group may maintain a store of stolen credentials in order to access these systems in the event that they become more relevant to their requirements in the future.”

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Central zone has 20 active cases of COVID-19

Province identified 143 new cases across Alberta on Wednesday

Province should set mask policy, says city councillor

Digital conference will raise issues of local concern

Education taxes, ambulance dispatch concern Red Deer city councillors at AUMA meeting

The digital convention will raise issues of local concern

High school’s student’s anti-racism video offers hope

Jose Jordan got dozens of high school students to participate

Trail closed near Red Deer water treatment plant until Nov. 1

Construction on intake in river continuing

Liberals vow wage-subsidy extension to 2021, revamp of EI system in throne speech

Canadian labour market was hammered by pandemic, when lockdowns in the spring led to a loss of 3 million jobs

Former Wales star Rob Howley returns to rugby with Canadian national team

Former Wales star Rob Howley returns to rugby with Canadian national team

Back to work: NBA’s non-Disney clubs start team workouts

Back to work: NBA’s non-Disney clubs start team workouts

“We refused to play,” Henry blasts team as Impact lose 3-1 to Revolution

“We refused to play,” Henry blasts team as Impact lose 3-1 to Revolution

4-nation Rugby Championship to be played as 6 doubleheaders

4-nation Rugby Championship to be played as 6 doubleheaders

For NBA players, Taylor grand jury decision ‘not enough’

For NBA players, Taylor grand jury decision ‘not enough’

Pozuelo scores on penalty in 90th, Toronto FC beats NYC 1-0

Pozuelo scores on penalty in 90th, Toronto FC beats NYC 1-0

Blue Jays dump Yankees 14-1 to inch closer to securing post-season berth

Blue Jays dump Yankees 14-1 to inch closer to securing post-season berth

Reactions to the minority Liberal government’s speech from the throne

Reactions to the minority Liberal government’s speech from the throne

Most Read