Western Governments Accuse Russia of Hacking Virus Vaccine Trials

Relations between Russia and the U.K., meanwhile, have plummeted since former spy Sergei Skripal and his daughter were poisoned with a Soviet-made nerve agent in the English city of Salisbury in 2018, though they later recovered.

Britain blamed Moscow for the attack, which triggered a round of retaliatory diplomatic expulsions between Russia and Western countries.

More broadly, Thursday's announcement speaks to the cybersecurity vulnerability created by the pandemic and the global race for a vaccine.

The U.S. Department of Homeland Security’s cybersecurity agency warned in May that cybercriminals and other groups were targeting Covid-19 research.

They noted at the time that the increase in people teleworking because of the pandemic had created potential avenues for hackers to exploit.

Profit-motivated criminals have exploited the situation, and so have foreign governments “who also have their own urgent demands for information about the pandemic and about things like vaccine research," Tonya Ugoretz, a deputy assistant director in the FBI's cyber division, said at a cybersecurity conference last month.

“Some of them are using their cyber capabilities to, for example, attempt to break into the networks of those who are conducting this research as well as into nongovernmental organizations to satisfy their own information needs," Ugoretz said.

The alert did not name the targeted organizations themselves or say how many were affected.

But it did say the organizations were in the U.S., U.K., and Canada, and said the goal was to steal information and intellectual property related to vaccine development.

Britain’s NCSC said its assessment was shared by the National Security Agency, the Cybersecurity, and Infrastructure Security Agency, and by the Canadian Communication Security Establishment.

A 16-page advisory prepared by Western agencies and made public Thursday accuses Cozy Bear of using custom malicious software to target a number of organizations globally.

The malware, called WellMess and WellMail, has not previously been associated with the group, the advisory said.

“In recent attacks targeting Covid-19 vaccine research and development, the group conducted basic vulnerability scanning against specific external IP addresses owned by the organizations. The group then deployed public exploits against the vulnerable services identified,” the advisory said.

Cozy Bear is one of two hacking groups suspected of separate break-ins of computer networks of the Democratic National Committee before the 2016 U.S. election.

Stolen emails were then published by WikiLeaks in what U.S. intelligence authorities say was an effort to aid Trump's campaign over Democratic rival Hillary Clinton.