WASHINGTON: Western governments on Thursday accused hackers believed to be part of Russian intelligence of trying to steal valuable private information about a coronavirus vaccine, calling out the Kremlin in an unusually detailed public warning to scientists and medical companies.
The alleged culprit is a familiar foe. Intelligence agencies in the United States, United Kingdom and Canada say the hacking group APT29, also known as Cozy Bear, is attacking academic and pharmaceutical research institutions involved in COVID-19 vaccine development. The same group was implicated in the hacking of Democratic email accounts during the 2016 US presidential election.
It was unclear whether any useful information was stolen. But British Foreign Secretary Dominic Raab said, “It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic.”
He accused Moscow of pursuing “selfish interests with reckless behavior.”
Sticking to more general language, White House press secretary Kayleigh McEnany said, “We worked very closely with our allies to ensure that we would take measures to keep that information safe and we continue do so so.”
The allegation that hackers linked to a foreign government are attempting to siphon secret research during the pandemic is not entirely new. US officials as recently as Thursday have accused China of similar conduct. But the latest warning was startling for the detail it provided, attributing the targeting by name to a particular hacking group and specifying the software vulnerabilities the hackers have been exploiting.
Also, Russian cyberattacks strike a particular nerve in the US given the Kremlin’s sophisticated campaign to influence the 2016 presidential election. And the coordination of the new warning across continents seemed designed to add heft and gravity to the announcement and to prompt the Western targets of the hackers to protect themselves.
“I think (the governments) have very specific intelligence that they can provide,” said John Hultquist, senior director of analysis at Mandiant Threat Intelligence. “The report is full of specific operational information that defenders can use” to protect their networks.
Russian President Vladimir Putin’s spokesman, Dmitry Peskov, rejected the accusations, saying, “We don’t have information about who may have hacked pharmaceutical companies and research centers in Britain.”
“We may say one thing: Russia has nothing to do with those attempts,” Peskov said, according to the state news agency Tass.
The accusations come at a tenuous time for relations between Russia and both the US and UK
Besides political ill will, especially among Democrats, about the 2016 election interference, the Trump administration is under pressure to confront Russia over intelligence information that Moscow offered bounties to Taliban fighters to attack allied fighters.
The Democratic chairman of the House Intelligence Committee, Adam Schiff, said “it’s clear that Russia’s malign cyber operations and other destabilizing activities — from financial and other material support to non-state actors in Afghanistan to poisoning dissidents in democratic countries — have persisted, even when exposed.” He urged President Donald Trump to condemn such activities.
The vaccine assessment came two years to the day after Trump met with Putin in Helsinki and appeared to side with Moscow over US intelligence agencies about the election interference. The UK did not say whether Putin knew about the more recent research hacking, but British officials believe such intelligence would be highly prized.
Relations between Russia and the UK, meanwhile, have plummeted since former spy Sergei Skripal and his daughter were poisoned with a Soviet-made nerve agent in the English city of Salisbury in 2018, though they later recovered. Britain blamed Moscow for the attack, which triggered a round of retaliatory diplomatic expulsions between Russia and Western countries.
More broadly, Thursday’s announcement speaks to the cybersecurity vulnerability created by the pandemic and the global race for a vaccine.
The US Department of Homeland Security’s cybersecurity agency warned in April that cybercriminals and other groups were targeting COVID-19 research, noting at the time that the increase in people teleworking because of the pandemic had created potential avenues for hackers to exploit.
Profit-motivated criminals have exploited the situation, and so have foreign governments “who also have their own urgent demands for information about the pandemic and about things like vaccine research,” Tonya Ugoretz, a deputy assistant director in the FBI’s cyber division, said at a cybersecurity conference last month.
“Some of them are using their cyber capabilities to, for example, attempt to break into the networks of those who are conducting this research as well as into nongovernmental organizations to satisfy their own information needs,” Ugoretz said.
The alert did not name the targeted organizations themselves or say how many were affected. But it did say the organizations were in the US, UK and Canada, and said the goal was to steal information and intellectual property related to vaccine development.
Britain’s NCSC said its assessment was shared by the National Security Agency, the Cybersecurity and Infrastructure Security Agency and by the Canadian Communication Security Establishment.
A 16-page advisory prepared by Western agencies and made public Thursday accuses Cozy Bear of using custom malicious software to target a number of organizations globally. The malware, called WellMess and WellMail, has not previously been associated with the group, the advisory said.
“In recent attacks targeting COVID-19 vaccine research and development, the group conducted basic vulnerability scanning against specific external IP addresses owned by the organizations. The group then deployed public exploits against the vulnerable services identified,” the advisory said.
Cozy Bear is one of two hacking groups suspected of separate break-ins of computer networks of the Democratic National Committee before the 2016 US election. Stolen emails were then published by WikiLeaks in what US intelligence authorities say was an effort to aid Trump’s campaign over Democratic rival Hillary Clinton.
A report on Russian election interference by former special counsel Robert Mueller called out another group, Fancy Bear, in the hack-and-leak operation. Cozy Bear, though, operates “quietly gaining access and gathering intelligence,” said Hultquist of the Mandiant cybersecurity firm.
Their goal, he said, is “good old-fashioned espionage.”
Separately, Thursday, Britain accused “Russian actors” of trying to interfere in December’s UK national election by circulating leaked or stolen documents online. Unlike in the vaccine report, the UK did not allege that the Russian government was involved in the political meddling.
Russia is hacking virus vaccine trials, US, UK, Canada say
https://arab.news/8mcav
Russia is hacking virus vaccine trials, US, UK, Canada say
- The alleged culprit is known as APT29, the same group was implicated in the hacking of Democratic email accounts during the 2016 US presidential election
Federal agents must limit tear gas for now at protests outside Portland ICE building, judge says
- The ruling came in response to a lawsuit filed by the ACLU of Oregon on behalf of protesters and freelance journalists covering demonstrations at the flashpoint US Immigration and Customs Enforcement building
PORTLAND, Oregon: A judge in Oregon on Tuesday temporarily restricted federal officers from using tear gas at protests at the US Immigration and Customs Enforcement building in Portland, just days after agents launched gas at a crowd of demonstrators including young children that local officials described as peaceful.
US District Judge Michael Simon ordered federal officers not to use chemical or projectile munitions on people who pose no imminent threat of physical harm, or who are merely trespassing or refusing to disperse. Simon also limited federal officers from firing munitions at the head, neck or torso “unless the officer is legally justified in using deadly force against that person.”
Simon, whose temporary restraining order is in effect for 14 days, wrote that the nation “is now at a crossroads.”
“In a well-functioning constitutional democratic republic, free speech, courageous newsgathering, and nonviolent protest are all permitted, respected, and even celebrated,” he wrote. “In helping our nation find its constitutional compass, an impartial and independent judiciary operating under the rule of law has a responsibility that it may not shirk.”
Ruling follows a lawsuit filed by the ACLU of Oregon
The ruling came in response to a lawsuit filed by the ACLU of Oregon on behalf of protesters and freelance journalists covering demonstrations at the flashpoint US Immigration and Customs Enforcement building.
The suit names as defendants the Department of Homeland Security and its head Kristi Noem, as well as President Donald Trump. It argues that federal officers’ use of chemical munitions and excessive force is a retaliation against protesters that chills their First Amendment rights.
The Department of Homeland Security said federal officers have “followed their training and used the minimum amount of force necessary to protect themselves, the public, and federal property.”
“DHS is taking appropriate and constitutional measures to uphold the rule of law and protect our officers and the public from dangerous rioters,” spokesperson Tricia McLaughlin said.
Courts consider question of tear gas use
Cities across the country have seen demonstrations against the administration’s immigration enforcement surge.
Last month, a federal appeals court suspended a decision that prohibited federal officers from using tear gas or pepper spray against peaceful protesters in Minnesota who aren’t obstructing law enforcement. An appeals court also halted a ruling from a federal judge in Chicago that restricted federal agents from using certain riot control weapons, such as tear gas and pepper balls, unless necessary to prevent an immediate threat. A similar lawsuit brought by the state is now before the same judge.
The Oregon complaint describes instances in which the plaintiffs — including a protester known for wearing a chicken costume, a married couple in their 80s and two freelance journalists — had chemical or “less-lethal” munitions used against them.
In October, 83-year-old Vietnam War veteran Richard Eckman and his 84-year-old wife Laurie Eckman joined a peaceful march to the ICE building. Federal officers then launched chemical munitions at the crowd, hitting Laurie Eckman in the head with a pepper ball and causing her to bleed, according to the complaint. With bloody clothes and hair, she sought treatment at a hospital, which gave her instructions for caring for a concussion. A munition also hit her husband’s walker, the complaint says.
Jack Dickinson, who frequently attends protests at the ICE building in a chicken suit, has had munitions aimed at him while posing no threat, according to the complaint. Federal officers have shot munitions at his face respirator and at his back, and launched a tear-gas canister that sparked next to his leg and burned a hole in his costume, the complaint says.
Freelance journalists Hugo Rios and Mason Lake have similarly been hit with pepper balls and tear gassed while marked as press, the complaint says.
“Defendants must be enjoined from gassing, shooting, hitting and arresting peaceful Portlanders and journalists willing to document federal abuses as if they are enemy combatants,” the complaint states.
The owner and residents of the affordable housing complex across the street from the ICE building has filed a separate lawsuit, similarly seeking to restrict federal officers’ use of tear gas because its residents have been repeatedly exposed over the past year.
Local officials have also spoken out against use of chemical munitions. Portland Mayor Keith Wilson demanded ICE leave the city after federal officers used such munitions Saturday at what he described as a “peaceful daytime protest where the vast majority of those present violated no laws, made no threat, and posed no danger to federal forces.”
“To those who continue to work for ICE: Resign. To those who control this facility: Leave,” Wilson wrote in a statement Saturday night.
The protest was one of many similar demonstrations nationwide against the immigration crackdown in cities like Minneapolis, where in recent weeks federal agents killed two people, Alex Pretti and Renee Good.
