When it comes to nation-state hackers, Russia tends to direct its cyber energies toward elections and disinformation campaigns, whereas China is known for going after intellectual property.
But according to a recent joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA), COVID-19 research is too valuable even for Russia to pass up.
Cyberattacks on COVID-19 research are starting to feel as common as COVID-19.
SecureWorld has covered the stories time and time again. From attacks on a COVID-19 crunching supercomputer to the World Health Organization and everywhere in between, hackers are seeking coronavirus data wherever they can find it.
In fact, CISA has already published a general joint advisory on nation-state hackers targeting pandemic research.
"The NCSC and CISA are currently investigating a number of incidents in which threat actors are targeting pharmaceutical companies, medical research organisations, and universities. APT groups frequently target such organisations in order to steal sensitive research data and intellectual property (IP) for commercial and state benefit."
But this latest one takes things a step further.
A new report from CISA, the UK's National Cyber Security Centre (NCSC), Canada's Communications Security Establishment (CSE), and the National Security Agency (NSA) sheds light on APT29, a Russian hacking group targeting COVID-19 data.
APT29 also goes by "the Dukes" or "Cozy Bear." Here's what NCSC says about the group:
"The group uses a variety of tools and techniques to predominantly target governmental, diplomatic, think-tank, healthcare and energy targets for intelligence gain.
Throughout 2020, APT29 has targeted various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines."
What TTPs does APT29 use? The advisory describes three different malware strains:
Interested in the complete report? The full joint advisory is available here.
The advisory from CISA, NCSC, CSE, and the NSA does not describe any plan for countering the group itself, but it does include recommendations for mitigating its activity.
This advice is particularly valuable for any organization researching a COVID-19 vaccine: