Experimental study with a possible Covid-19 vaccine. (Icon image)

(Photo: Ted S. Warren / AP)

Mutual allegations of espionage are not uncommon among great powers, but this is a special case: it is probably the most eagerly awaited substance in the world. Britain, the U.S. and Canada accuse Russian hackers of spying on researchers in several countries working on a vaccine against Covid-19. In a remarkable move, the UK’s National Center for Cyber ​​Security, which is part of the GCHQ secret service, released an assessment on Thursday.


The APT29 group, also known as “Cozy Bear”, has tried to gain access to academic and pharmaceutical research facilities looking for a vaccine against the novel coronavirus, the report said. The attackers searched IP addresses of the research centers, which can be found on the Internet, for vulnerabilities and then tried to penetrate their networks. To do this, they tried to use publicly known vulnerabilities such as those in Citrix, a widely used software for remote access to computers. The gap has led to great uncertainty in many companies worldwide since 2019.

According to the United States, Cozy Bear is an elite hacker group of the Russian secret service, and the British report also assigns it “almost certainly” to Russia. The group is responsible for spectacular cyber attacks. Cozy Bear, along with another group that is believed to have been commissioned by Russia, is named Fancy Bear for the hacking of the Democrats before the 2016 US election. Britain’s Foreign Minister Dominic Raab explicitly named Russia an attacker and said: “While others are ruthlessly pursuing their selfish interests, Britain and its allies are continuing to work hard to find a vaccine and protect the world’s health.”

Dmitry Peskov, spokesman for Russian President Vladimir Putin, dismissed the allegations. He told the Bloomberg news agency, “We don’t know who could have hacked the pharmaceutical companies and research centers. We can only say that Russia has nothing to do with these attempts.”


Finding the originator of a hacker attack is complicated, especially for particularly capable attackers who are on behalf of governments. They know how to blur tracks or even leave wrong tracks. The paper, which the British cyber agency has published, is 14 pages long, eight of which consist of a series of numbers, letters and dots that are incomprehensible to laypersons: IP addresses that the attackers are supposed to have used and other so-called “indicators of compromise”, that is, software traces that attackers leave behind in systems.

Intelligence assessments should be treated with caution, forensic knowledge and political interests often mix. But governments are neither light-hearted nor haphazard if, as in this case, they go public and blame another state for a hack. Then they want to convey to the other government: We see what you are doing.

This fits in with the fact that the British authority did not declare whether the hackers actually stole research data. However, the attacks were designed to secure such data. The hackers weren’t interested in torpedoing the research, intelligence officials said.


It is not the first report of a hacker attack against a facility that is researching a vaccine. According to Israeli media reports from April, hackers targeted laboratories in the country to sabotage the research. The FBI and the US cyber security agency Cisa had warned in May that hackers on behalf of China were targeting “intellectual property” and research data on a vaccine. However, they Americans presented no evidence. NATO issued a statement in June that reads like a warning: cyber attacks will not be tolerated, especially in the Corona crisis. The military alliance “will deter, defend and counter with the full range of its possibilities”.

Lukasz Olejnik, an independent IT security analyst and consultant specializing in cyber warfare, says: “Research institutes are not prepared for such intense cyber break-ins”, even though research data on Covid-19 are currently “hot goods”.

The Wall Street Journal According to the UK, early in the year began to better protect research centers dealing with Covid-19 against hacker attacks – including Oxford University, where experts are working on a vaccine.