National security agencies in the United Kingdom, United States and Canada on Thursday accused hackers linked to Russian intelligence services of targeting organizations conducting COVID-19 vaccine research with custom malware in an effort to steal intellectual property.
The U.K.'s National Cyber Security Centre issued the joint advisory, which was also shared by the U.S. National Security Agency and Cybersecurity and Infrastructure Security Agency (CISA), as well as Canada's Communications Security Establishment.
The agencies warned that the group known as APT29 — also referred to as "the Dukes" or "Cozy Bear" — was behind the attacks. It was not immediately clear if the group was successful in obtaining any data.
"Throughout 2020, APT29 has targeted various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines," the advisory said.
The hacker group used malware known as "WellMess" and "WellMail" to target organizations around the world, the agencies said. Their report detailed APT29's tactics and shared ways to identify whether data had been compromised.
"System owners and administrators are encouraged to follow the mitigation steps in the advisory to reduce risk of being compromised by this actor," the NSA said in its own statement.
U.S. authorities have previously accused cyber actors linked to the Chinese government of similar efforts. The FBI and CISA said in May that Chinese hackers were "attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research."