How Russian hackers went after the world’s coronavirus vaccine secrets

UK, US and Canada say researchers have come under attack from the Kremlin

Vladimir Putin at a lab in Abkhazia
The UK, US and Canada say researchers have come under attack from the Kremlin
(Image credit: 2009 AFP)

Britain has accused the Russian government of trying to steal information from researchers working on coronavirus vaccines in the UK, the US and Canada.

The three nations claim that state-linked hacking group APT29, also known as Cozy Bear, is “attacking academic and pharmaceutical research institutions” involved in vaccine development programmes, Al Jazeera reports.

It remains unclear whether the alleged attempts to access research data have been successful.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.


Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

What is the evidence?

Britain’s National Cyber Security Centre (NCSC) issued a 16-page “advisory” yesterday setting out details of the alleged attack and giving laboratories, universities and research centres instructions on how to protect themselves.

“The NCSC gave a large amount of detail,” The Telegraph reports, “even releasing the ‘digital fingerprints’ of the tools used by the Cozy Bear hackers in an attempt to help institutions update their cyber defences to protect themselves against similar attacks.”

Cozy Bear hackers have also “been linked to attacks on the US Democratic party in the run-up to 2016 elections”, as well as “orchestrated attacks on Norwegian foreign and defence ministries” in 2017, says The Guardian.

“It has previously been alleged that the group is controlled by the Russian FSB spy agency or its SVR foreign intelligence agency,” the newspaper adds.

In the most recent attacks, the hackers have allegedly used a technique called “spear fishing”, in which people who work in labs are targeted with personalised messages using information gleaned from LinkedIn and other social networks.

The goal is to trick the recipient into entering passwords into websites that mimic legitimate professional software.

The new NCSC dossier includes “the IP addresses of servers used by the Russian hackers to control their software, as well as other snippets of code which cybersecurity experts can use to update their networks to automatically scan for and remove the malware”, according to The Telegraph.

What is Russia saying?

The Russian government has rejected the accusations out of hand. “This statement is so vague and contradictory that it’s actually impossible to comprehend,” said a spokesperson for the Russian Foreign Ministry.

President Vladimir Putin’s press secretary, Dmitry Peskov, was also unequivocal in his denial. “We can say one thing,” Peskov told Russian media. “Russia has nothing at all to do with these attempts.”

But his predecessor as presidential spokesperson, Sergey Markov, had a different take.

“Every nation has an intelligence service,” Markov told The Times. “Their working is illegal, but legitimate anyways. Russia sort of denies these activities. It’s also normal - it’s all games. All nations, they deny they’re doing it because it’s illegal.”

Why does it matter?

At first glance, the reported attacks against research institutions are puzzling.

“For the most part, the vaccines are not secret,” says MIT Technology Review. “They’re described in scientific reports, and their make-up is known - although details of their manufacture, and supply agreements, could be valuable secrets to steal.”

The medical response to Covid-19 has generated huge geopolitical competition, points out Andrei Soldatov, an expert on Russian security services. The disease “suddenly became such a big political factor, it affects everybody in every possible way, so there’s a big temptation to use this as an opportunity”, he told The Guardian.

Although stealing details of a life-saving vaccine may seem like a victimless crime, “one of the main concerns” of both of the UK teams leading the research, at Oxford University and Imperial College London, is that “potentially dangerous pirate versions of their vaccines could be made by rogue producers”, The Times reports.

“Many of their efforts to guard intellectual property have been structured to thwart counterfeiting.”

Continue reading for free

We hope you're enjoying The Week's refreshingly open-minded journalism.

Subscribed to The Week? Register your account with the same email as your subscription.

Holden Frith is The Week’s digital director. He also makes regular appearances on “The Week Unwrapped”, speaking about subjects as diverse as vaccine development and bionic bomb-sniffing locusts. He joined The Week in 2013, spending five years editing the magazine’s website. Before that, he was deputy digital editor at The Sunday Times. He has also been’s technology editor and the launch editor of Wired magazine’s UK website. Holden has worked in journalism for nearly two decades, having started his professional career while completing an English literature degree at Cambridge University. He followed that with a master’s degree in journalism from Northwestern University in Chicago. A keen photographer, he also writes travel features whenever he gets the chance.