American Security Council Foundation

Russian Hackers Blamed for Attacks on Coronavirus Vaccine-Related Targets

Friday, July 17, 2020

Categories: ASCF News, Emerging Threats, Cyber Security

A prominent state-backed Russian hacking group was blamed Thursday by U.S., U.K. and Canadian government officials for ongoing cyber espionage against organizations involved in the development of coronavirus vaccines and other health-care-related work, reflecting an escalation of security risks at a crucial time in the global response to the pandemic.

Western intelligence officials said that they jointly assessed Russia as the source of the persistent hacking activity in several countries. The targets, officials said, include governments, think tanks, universities, private companies and other organizations working on vaccine research and testing globally.

The attacks are designed to steal intellectual property related to the response to Covid-19, the U.S. National Security Agency, along with its British and Canadian counterparts, said.

Efforts to develop a vaccine have become an international arms race, with winners seen as benefiting from access to treatments that would help improve national health and economic stability. Those factors make the scientific secrets behind vaccine development valuable.

The accusation comes as coronavirus cases have surged in the U.S., with confirmed cases climbing to more than 3.5 million a little over a week after crossing the 3 million mark, and as newly reported infections around the world reached a record. The U.S., which saw a single-day record 67,417 new confirmed cases Tuesday, added about 66,300 on Wednesday, according to Johns Hopkins University.

The Western officials identified the hacking group as Russia-supported APT29, which is also known as Cozy Bear. APT29 is widely viewed by cybersecurity experts to be a sophisticated and prolific cyber unit associated with Russian intelligence and has previously been linked to attacks on the White House, the U.S. State Department, the Democratic National Committee and European governments.

“Throughout 2020, APT 29 has targeted various organizations involved in Covid-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of Covid-19 vaccines,” British, American and Canadian security agencies said in a technical report.

The warning—designed to help current and potential targets boost defenses—follows already stepped-up protection of institutions involved in virus research, including vaccine development. The Western allies’ report said the Russian group has shown some success gaining footholds in targeted computer networks by exploiting software vulnerabilities and using spearphishing attacks to compromise login credentials. But U.K. officials said the attacks haven’t thwarted vaccine-related work of which they know.

The U.K. this year stepped up efforts to protect the University of Oxford and about a dozen universities battling the virus from cyberattacks. Oxford is working with U.K. drugmaker AstraZeneca PLC on a leading vaccine candidate that they say could be ready by this autumn. An Oxford spokesman said the university was working closely with Britain’s National Cyber Security Centre to ensure its research had the best cyber protection. An AstraZeneca spokesman had no immediate comment about the hacking warnings.

Anne Neuberger, director of cybersecurity at the National Security Agency, said foreign actors were trying to take advantage of the pandemic. “We encourage everyone to take this threat seriously and apply the mitigations issued in the advisory,” she said.

Russian presidential spokesman Dmitry Peskov told the official state news agency RIA Novosti that Russia “will not accept such allegations.”

There was no response from Russia’s Federal Security Service, nor from the Ministry of Digital Development, Communications and Mass Media, which deals with cybersecurity.

Russia has mobilized its armed forces and top scientists to develop its own coronavirus vaccine after President Vladimir Putin demanded the country have one by this fall. The rush comes after Russia initially wavered over whether to impose lockdowns to curb the spread of the virus.

The U.K. cyber center said it relied on several sources to arrive at its conclusion that Russia was behind the activity. It said the attackers used custom-built malware dubbed “WellMess” or “WellMail” to target organizations across the globe working on vaccine research. The NSA supported the attribution of the hacking activity to Russia.

Canada’s Communications Security Establishment, which is in charge of cybercrime, said the attacks hindered the efforts of health-care experts and researchers trying to fight the pandemic. It urged Canadian hospitals and clinics to bolster protections against possible attacks.

The U.S.-based cyber firm CrowdStrike accused the same Russian group of hacking into the DNC in the lead-up to the 2016 election, saying it quietly monitored email and chat conversations for months without detection.

A separate hacking group linked to Russian military intelligence was also accused of breaking into the DNC and implicated in stealing and leaking emails as part of a broader cyber effort that U.S. intelligence agencies later concluded was intended to harm Democratic candidate Hillary Clinton’s campaign and boost Mr. Trump. That finding was corroborated by former special counsel Robert Mueller and a bipartisan report by the Senate Intelligence Committee. Russia has denied the attacks.

In the U.K., authorities noticed a significant increase in malicious activity in June, much of which they believed to be Russian, according to people briefed on the activity.

In one case of apparently mistaken identity, attackers repeatedly tried to hack a health-care entity containing “Oxford” in its name but not part of the university, according to the people.

Russia isn’t the only country seeking to steal intellectual property from foreign computer networks, say government and private-security experts involved in responses.

In May, U.S. officials issued a public alert accusing Chinese hackers of targeting American universities and health-care companies in a bid to steal intellectual property, saying that intrusions could jeopardize medical research.

Trump administration officials have also said privately that Iran or its proxies have been targeting similar types of facilities using a relatively crude technique known as password spraying, which attempts to compromise an organization by rapidly guessing common account-login passwords.

Among Iran’s recent targets, people familiar with the matter have said, was the pharmaceutical company Gilead Sciences Inc., which has produced the antiviral drug remdesivir that was given emergency-use authorization by the Food and Drug Administration as a potential Covid-19 treatment.

Security experts also say that they have seen several adversaries seek to steal research related to the coronavirus and that such attempts weren’t surprising given the severity of the pandemic.

“Covid-19 is an existential threat to every government in the world right now, so it’s no surprise to see them leveraging their cyber espionage capabilities to gather information on a cure,” said John Hultquist, director of intelligence analysis at U.S.-based cyber firm FireEye and a longtime watcher of APT29. “We have seen the Russians as well as Chinese and Iranian actors target the pharmaceutical and research space in an effort to gather information on developing vaccines.”

Photo: Russia's President Vladimir Putin has demanded the country have a coronavirus vaccine by the fall. - PHOTO: ALEXEI DRUZHININ/KREMLIN/REUTERS

Link: https://www.wsj.com/articles/russian-hackers-blamed-for-attacks-on-coronavirus-vaccine-related-targets-11594906060?mod=tech_lead_pos2
