A hacker group that “almost certainly operates as part of Russian intelligence services” has tried to steal COVID-19-related vaccine research in Canada, the U.K. and the U.S., according to a joint assessment by intelligence agencies in all three countries.
The Communications Security Establishment (CSE), Canada’s foreign signals intelligence agency, and its U.K. and U.S. counterparts identified the hacker group as APT29, which was also accused of hacking the Democratic National Committee before the 2016 U.S. election.
“CSE assesses that APT29, also named ‘the Dukes’ or ‘Cozy Bear’ was responsible for this malicious activity, and almost certainly operates as part of Russian intelligence services,” the signals intelligence agency said in a statement on threat activity released Thursday.
“These malicious cyber activities were very likely undertaken to steal information and intellectual property relating to the development and testing of COVID-19 vaccines, and serve to hinder response efforts at a time when health care experts and medical researchers need every available resource to help fight the pandemic,” the CSE statement said.
Thursday’s joint statement comes after CSE reported in a previous threat assessment bulletin that in early April, “individuals associated with a Canadian university engaged in COVID-19 research and a Canadian provincial government health agency were targeted by COVID-19-themed phishing attacks attempting to deliver ransomware.”
The CSE did not assign responsibility for the reported phishing attacks.
Defence Minister Harjit Sajjan and Foreign Affairs Minister François-Philippe Champagne issued a statement Thursday without naming Russia either.
“We must call out irresponsible state behavior that violates the rules-based international order and strive to live and work in a cyber environment that is open, stable, peaceful and secure,” the statement said.
“In Canada, we are committed to defending these principles in cyberspace, especially when they touch on the interests of Canadians.”
A spokesperson for the Russian embassy in Canada dismissed the allegations as “fake accusations in Blame Russia style of hacking attacks, now in COVID-19 wrap.”
“Almost certainly this malicious anti-Russia psi-ops is very likely aimed at diverting public attention from [their] own sins and failures,” the Russian embassy said in a statement.