Russian hackers behind recent cyber attacks against Canadian COVID-19 research organizations: CSE

Canada, the U.S. and the U.K. issued a joint statement alleging that the hackers were likely trying to steal information about the development of COVID-19 vaccines

A Russian flag is seen on the laptop screen in front of a computer screen on which cyber code is displayed, in this illustration picture taken March 2, 2018. REUTERS/Kacper Pempel


OTTAWA – Canada’s digital spy agency says Russian intelligence services are behind recent cyber attacks attempting to steal information and intellectual property from Canadian research labs working on potential COVID-19 vaccines.

In a statement published Thursday morning, CSE says that a well-known Russian hacker group called APT29, also known as “the Dukes” or “Cozy Bear,” was behind the cyber attacks. The federal agency says the group “almost certainly operates as part of Russian intelligence services.”

The statement is part of a joint release with United Kingdom and United States counterparts, who also detected similar attacks on their territories.

“Throughout 2020, APT29 has targeted various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines,” reads an advisory from the U.K.’s National Cyber Security Centre.

CSE says the Russian hackers conducted the cyber attacks using custom malware they were not previously known to use, such as tools called “WellMess” and “WellMail.”

More to come