UK says Russians are trying to steal vaccine research

Kitty Donaldson and Ryan Gallagher, Bloomberg News on

Published in News & Features

The U.K. accused Russian state intelligence of hacking international pharmaceutical and academic research in a bid to win the race to secure a vaccine against COVID-19.

The U.K.'s National Cyber Security Centre (NCSC) said vaccine and therapeutic sectors in multiple countries have been targeted, declining to list the names and number of institutions affected on security grounds.

The U.K. named the group responsible for the hacking as APT29, saying it is "almost certainly" part of Russian state intelligence. The group also goes by the name of Cozy Bear or The Dukes and has targeted U.K., U.S. and Canadian vaccine research and development organizations.

The campaign of malicious activity is ongoing, predominantly against government, diplomatic, think-tank, healthcare and energy targets to steal valuable intellectual property, according to the NCSC.

"We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic," NCSC Director of Operations Paul Chichester said in an emailed statement. "Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector."

Hacking campaigns

Researchers have long linked APT29 to Russian intelligence agencies. For more than a decade, the group has carried out hacking campaigns that have targeted dozens of governments, research institutes, and corporations around the world, according to an analysis published in March by cybersecurity firm Carbon Black.

The group was first identified in November 2008 using malware to target Chechens, according to a March 2015 report published by the Finnish security firm F-Secure. Later, APT29 broadened its targets. It attempted to hack government departments in Georgia, Turkey and Uganda, and appeared to be trying to gather information about the activities of NATO, according to the F-Secure report.


In 2016, U.S. cybersecurity firm CrowdStrike linked APT29 to the hack of the Democratic National Committee. The Russian hackers penetrated the DNC's servers in the summer of 2015 and maintained access to the organization's data for about a year, according to CrowdStrike researchers. CrowdStrike CEO Shawn Henry told the House Intelligence Committee in December 2017 that he had a "high degree of confidence it was the Russian Government" behind that attack.

Artturi Lehtio, director of strategy and corporate development for F-Secure, has closely followed APT29's activities. He said that if the group has been targeting COVID-19 research organizations, it was "slightly unusual," as the group usually targets foreign and security policy-related organizations.

"They traditionally go after intelligence that would inform policy and their interactions with other nations," he said. But the group sometimes deviates from those targets, he said, and involves multiple state actors in Russia with differing priorities.

(c)2020 Bloomberg News

Distributed by Tribune Content Agency, LLC.