LONDON: Attempts by Russian-backed hackers to steal COVID-19 vaccine research from Britain are "completely unacceptable" but have not done any damage, security minister James Brokenshire said on Friday (Jul 17).

Britain's National Cyber Security Centre (NCSC) said on Thursday that hackers backed by the Russian state had tried to steal COVID-19 vaccine and treatment research from academic and pharmaceutical institutions around the world. Russia has rejected London's allegations.

"It's completely unacceptable for the Russian intelligence agencies to seek to get into the systems of those who are seeking to respond to this crisis ... to develop a vaccine," Brokenshire told Sky News.

"There's no evidence or information of any damage or, or any sort of harm."

A coordinated statement from Britain, the United States and Canada attributed the attacks to group APT29, also known as 'Cozy Bear', which they said was almost certainly operating as part of Russian intelligence services.

"We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic," said NCSC Director of Operations, Paul Chichester.

Russian news agency RIA cited spokesman Dmitry Peskov as saying the Kremlin rejected London's allegations, which he said were not backed by proper evidence.



British foreign minister Dominic Raab said it was "completely unacceptable" for Russian intelligence services to target work on the pandemic.

"While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health," he said in a statement. He said Britain would work with allies to hold perpetrators to account.

The NCSC said the group's attacks were continuing and used a variety of tools and techniques, including spear-phishing and custom malware.

"APT29 is likely to continue to target organisations involved in COVID-19 vaccine research and development, as they seek to answer additional intelligence questions relating to the pandemic," the NCSC statement said.

The US Department of Homeland Security and US Cyber Command also released technical information on Thursday about three hacking tools being deployed by the Russian hackers, codenamed WELLMAIL, SOREFANG and WELLMESS.

Private sector cybersecurity researchers who had spotted the WELLMESS malware over the last year were unaware of its Russian origins until Thursday.

In several cases, WELLMESS was found within US pharmaceutical companies, said three investigators familiar with the matter, who spoke on condition of anonymity to discuss confidential information. The tool allowed the hackers to stealthily gain remote access to secure computers. They declined to name the victims.

Canadian authorities said the attacks were hindering response efforts and that risks to health organisations were elevated. Canada's signals intelligence and cyber threat centre advised institutions to take action to protect themselves.

Britain and the United States said in May that networks of hackers were targeting national and international organisations responding to the pandemic. But such attacks have not previously been explicitly connected to the Russian state.

