
Russian, Chinese state-backed hackers accused of targeting COVID-19 research

Security services from the United States, United Kingdom and Canada reported in July that a collection of organisations currently working to develop a coronavirus vaccine have been the victims of hacks by both Russian and Chinese hacking groups.


The Russian hacking group goes by multiple names, including APT29, The Dukes and Cozy Bear. It is one of the same groups—in coordination with fellow Russian government-backed group Fancy Bear—implicated in the hacking attack against the U.S. Democratic National Committee in 2015–16 and the 2017 hack against Norway’s Labour Party and government ministries. 


According to AP News, Cozy Bear attempted to hack COVID-19 vaccine development data from academic researchers and pharmaceutical companies. American, British and Canadian security services did not announce which companies had been targeted, nor whether the hackers successfully stole information.


Shawn Smallman, professor of international and global studies at Portland State, said the Russians’ motives remain unknown. “Are they worried that they might be behind in the vaccine search and they’re trying to get information?”


“That doesn’t seem to make sense because about a week ago, shortly after these allegations were made public, Russia signed a big intellectual property deal with AstraZeneca to get a vaccine,” Smallman said. “So maybe something changed from the period when they were allegedly hacking and when they did this.”


According to Smallman, the Russian government may be looking for opportunities for disinformation. 


“If you believe that there’s pretty good evidence that in 2016 the Russians intervened to discredit the Democratic party in the election, maybe they’re trying to do something that could sow distrust around the vaccine or create some other kind of political issue around the vaccine,” Smallman said. 


After the accusations against the Russian-government-backed hacking group came to light, similar accusations against two Chinese-government-backed hackers made headlines. 


The U.S. Justice Department announced that the Chinese suspects, Li Xiaoyu and Dong Jiazhi, were indicted on July 7, 2020 on a bevy of charges related to hacking, fraud and theft of trade secrets, according to The New York Times.


The indictment stated the locations of the countries involved and inferred the potential beneficiaries of the coronavirus vaccine research data. Li and Dong targeted companies in Europe, South Korea, Japan, Australia and the U.S.—including the biotech firm Moderna Inc.


“The Defendants stole hundreds of millions of dollars’ worth of trade secrets, intellectual property, and other valuable business information,” the indictment stated. “While in some instances they were stealing business and other information for their own profit, in others they were stealing information of obvious interest to the PRC Government’s Ministry of State Security (“MSS”). Li and [redacted] worked with, were assisted by, and operated with the acquiescence of the MSS.”


The Assistant Attorney General for National Security, John Demers, said, “China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research.”


This statement aligns with the indictment, which posits that the two suspects had a history of hacking predating the coronavirus pandemic. According to the indictment, Li and Dong targeted dissidents against China’s ruling communist party, both within China and abroad, including large organizational targets and individuals such as a Chinese Christian pastor and an American professor. 


“We’ve now reached a point where the FBI is now opening a new China-related counterintelligence case every 10 hours,” said FBI Director Christopher Wray, according to BBC. “Of the nearly 5,000 active counterintelligence cases currently underway across the country, almost half are related to China.”


Smallman noted there are over 100 COVID-19 vaccines in development around the world. “I think there’s a lot of concern and resentment right now about what happens if Britain comes forward with a vaccine, or the U.S.,” he said. 


Access to new vaccines will be limited since it will take time to increase production, and limited access will lead to increased international tension. During the 2009 H1N1 influenza pandemic, wealthy countries including the U.S. and Canada initiated advance contracts with vaccine manufacturers to ensure they would receive the first vaccines. Other countries would be able to purchase vaccines only after their needs were met, according to Smallman.


“You have this system that seems designed to keep poorer countries in a state of dependency on wealthy countries. They can’t even get access to the vaccine,” Smallman said. “To me, the fact that we’re already seeing some of these tools that are quasi-military being used to gain information to infiltrate other countries—it’s a warning sign for what might happen later if we don’t have some sort of a plan to deal with this.”