Canada’s Communications Security Establishment, the agency responsible for the country’s foreign signals intelligence, said the attacks served to “hinder response efforts at a time when healthcare experts and medical researchers need every available resource to help fight the pandemic”.
The agency said in May that it was “near certain” that state-sponsored actors had “shifted their focus” during the pandemic.
The US National Security Agency and the British National Cyber Security Centre declined to identify victims of the hacks, although academic organisations and labs doing vaccine research appear to have been their focus.
The US National Security Agency said the hackers were trying to steal information by targeting organisations using malware and sending fraudulent emails to trick people into turning over passwords and other security credentials, in an effort to access the research as well as information about medical supply chains.
Britain’s security centre said the group responsible was APT29, which is also known as “the Dukes” and “Cozy Bear”.
The centre is 95 per cent certain that APT29 is part of the Russian intelligence services. APT29 was responsible for the hack of the Democratic National Committee’s emails, which were later published by Wikileaks.
David Higgins from global software security company CyberArk’s Sydney office said the style of the hacking was common.
“The attacks that the NCSS are reporting bear all the hallmarks of a multitude of previous attempts that have affected the private and public sector – exploiting people or a known vulnerability, then seeking to use valid credentials to access the systems or data they are targeting.”
Matthew Schmidt, an expert on Russia at the University of New Haven in the US, said the attacks demonstrated Russia’s weakness under President Vladimir Putin.
“That Russia hacked vaccine research is a statement of the weakness of Russian science under 20 years of Putin’s rule,” he said.
“He has failed his country; Russia was once a world leader in science.”
In May, Britain and the US said networks of hackers were targeting national and international organisations responding to the pandemic but did not connect them to the Russian state.
British Foreign Secretary Dominic Raab said it was “completely unacceptable” that the Russian intelligence services were targeting those working to combat COVID-19.
“While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health,” he said.
“The UK will continue to counter those conducting such cyber attacks, and work with our allies to hold perpetrators to account.”
Kremlin spokesman Dmitry Peskov denied Russian involvement and said the accusations were not backed by proper evidence.
On Thursday, the centre for the first time identified the custom malware APT29 is using to target a number of organisations that are developing vaccines as “WellMess” and “WellMail”.
The centre said the group had been using publicly available tools to collect authentication details for large numbers of global systems with negligible intelligence value, but was likely storing them for future use, with the aim of penetrating systems further.
“We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” the centre’s Paul Chichester said.
“Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector.”
In a written statement to the Commons, Raab also accused Russia of hacking British government documents relating to the UK-US free trade agreement that were used by former Labour leader Jeremy Corbyn during the December campaign.
Corbyn held up copies of the unredacted documents at the height of the campaign, claiming they were evidence that Johnson and US President Donald Trump were conspiring to sell off the NHS.
Raab said the government was “almost certain” that Russian actors had sought to interfere in the 2019 general election by illicitly acquiring the government documents and leaking them online on the social media website Reddit.
“Whilst there is no evidence of a broad spectrum Russian campaign against the General Election, any attempt to interfere in our democratic processes is completely unacceptable,” Raab said.
“There is an ongoing criminal investigation and it would be inappropriate for us to say anything further at this point.”
The revelations came amid an extraordinary putsch against Number 10 over the prestigious role of the Intelligence Committee.
Julian Lewis, a Conservative MP, was booted out of the party room after he launched a late-hour campaign to beat Number 10’s candidate Chris Grayling as chair of the committee.
Grayling, a former minister whose political career is littered with scandals, earning him the nickname ‘failing Grayling’, was an early backer of Boris Johnson’s leadership campaign and was seen as a patsy of Number 10 and Johnson’s powerful chief adviser Dominic Cummings.
Lewis’ coup, supported by Labour and the Scottish National Party, is highly significant because he is a hawk on security issues and was one of the MPs pushing the government to take a tougher line on China and Huawei.
The intelligence committee operates independently and oversees the operations of MI5, MI6, GCHQ, Defence Intelligence, the Joint Intelligence Organisation, the National Security Secretariat and the Office for Security and Counter-Terrorism.
Latika Bourke is a journalist for The Sydney Morning Herald and The Age, based in London.