
What is Cozy Bear? What we know about the hackers accused of targeting COVID-19 research

WATCH ABOVE: Russian hackers accused of targeting global COVID-19 vaccine research – Jul 16, 2020

Western cybersecurity officials have issued a warning — they believe hackers backed by the Russian government are looking to gain access to COVID-19 research around the world.

In a joint release on Thursday with the U.S. and U.K., the Communications Security Establishment (CSE) said a group called Cozy Bear has been targeting organizations carrying out vaccine research — “very likely” in attempts to steal data and intellectual property.

Cozy Bear’s activities include the use of malware known as “WellMess” and “WellMail,” according to a statement from the CSE.


While the group is being freshly linked to hacking efforts related to the pandemic, Cozy Bear is a familiar name to cybersecurity experts.


The group — also known as The Dukes or Advanced Persistent Threat 29 (APT29) — is best known for a hack that took place in the lead-up to the 2016 U.S. election.


Cozy Bear, along with another presumed Russian hacking unit called Fancy Bear, is widely suspected to be behind breaches of networks belonging to the Democratic National Committee.

Stephanie MacLellan, a disinformation and cybersecurity expert, said the two groups differ in their activities.

“Cozy Bear… tends to be more known for gathering information rather than releasing it, whereas Fancy Bear is the one that’s a little bit more involved with some of the hacks and releases of information, like what we saw with the [Hillary Clinton campaign chairman] John Podesta emails,” she said.

In addition to the Democratic National Committee hack, Cozy Bear has been connected to attacks on the Pentagon email system in 2015, U.S. think tanks in 2016, and Norwegian government networks in 2017, according to a cybersecurity database established by the Council on Foreign Relations.


Cozy Bear has been strongly linked with Russia. Thursday’s statement said that Cozy Bear is “almost certainly” operating as part of Russian intelligence operations.


While Fancy Bear is said to be tied to the Russian military, Cozy Bear has been linked to Russia’s foreign intelligence service, said Mark Nunnikhoven, vice-president of cloud research for TrendMicro.

Nunnikhoven also noted that generally speaking, it’s very tough to identify the actors behind cyberattacks — attributions are made based on patterns observed.

“Right now, when this kind of nation-state political play starts to happen, all we have is the word of various spy agencies or intelligence agencies as to who is doing this activity,” Nunnikhoven told the Geoff Currier Show on Global News Radio Friday.


Based on the advisory from cybersecurity agencies, Cozy Bear’s alleged activities during the COVID-19 pandemic appear to be in keeping with a pattern of information gathering as opposed to direct sabotage or disruption, said MacLellan, the managing editor of Ryerson University’s First Policy Response, a policy project focused on COVID-19 recovery.

Researchers and companies around the world are scrambling to develop vaccine candidates to curb the rate of COVID-19 infection, a process that experts say could take a year or even longer.

“It could very well be that countries like Russia are trying to get the information as soon as they can,” MacLellan said.

“They’re probably under huge pressure internally to try and develop vaccines before some of their international rivals. It could be a matter of not wanting to be beholden to countries like the United States or Canada for vaccines that come to market first.”

The joint report from cybersecurity authorities warned that Cozy Bear is likely to continue its activities as the pandemic unfolds.


The Kremlin has rejected the allegations made in the joint report, which a spokesperson said were not backed by proper evidence, Russian news agency RIA reported.


–With files from The Associated Press and Reuters
