The notorious hacker collective known as "Cozy Bear," which hacked the Democratic National Committee before the 2016 U.S. election, has stolen research related to vaccines and other medicines for curing COVID-19 being developed in Canada, the United Kingdom and the United States. All three countries are condemning Russia for the criminal intrusion.
The dramatic reemergence of this notorious group was revealed simultaneously on Thursday by security services in all three countries. These are the Communications Security Establishment (CSE) in Canada, the National Cyber Security Centre (NCSC) in the UK and the U.S. National Security Agency (NSA).
Cozy Bear, also called "the Dukes," is classified as an "Advanced Persistent Threat" by cybersecurity firms. It is designated APT 29. APT is an acronym that refers to a state-sponsored hacking group.
Cozy Bear is run by the Foreign Intelligence Service of the Russian Federation (SVR RF), the Russian external intelligence agency that focuses on civilian targets.
Spy agencies of Canada, the UK and the US said Cozy Bear and other Russian actors are using custom malware known as "WellMess" and "WellMail" to attack organizations and scientific institutions globally during the COVID-19 pandemic.
The Communications Security Establishment (CSE), the Canadian spy agency responsible for Canada's foreign signals intelligence, affirms Cozy Bear is behind the hacks.
"These malicious cyber activities were very likely undertaken to steal information and intellectual property relating to the development and testing of COVID-19 vaccines, and serve to hinder response efforts at a time when health care experts and medical researchers need every available resource to help fight the pandemic," said CSE in a statement.
CSE demurred when asked if the hacks were successful, leading cybersecurity experts to conclude they were. CSE gave an evasive reply, saying it's not able to comment on, or confirm details about, specific cybersecurity incidents.
CSE, however, emphasized Cozy Bear "almost certainly operates as part of Russian intelligence services" in coordination with other Russian spy agencies.
Canadian Defense Minister Harjit Sajjan and Foreign Affairs Minister François-Philippe Champagne issued a joint statement Thursday condemning "malicious state actors attempting to steal information and intellectual property."
"We must call out irresponsible state behavior that violates the rules-based international order and strive to live and work in a cyber environment that is open, stable, peaceful and secure," said the statement.
They said the Canadian government is committed to defending these principles in cyberspace.
UK Foreign Secretary Dominic Raab said if Russia wants to rejoin international forums, it has to live up to its international responsibilities.
"I think it's important to call it out because we're not going to wait until there is harm," he said in London.
"It's clearly wrong, contrary to international law, contrary to Russia's responsibilities as a member of the international community -- and indeed a permanent member of the [UN] Security Council -- to be targeting with cyber attacks the international effort, not just here in the UK, but in Canada, in the U.S., to try and find a vaccine, which is for the greater good of the world."