
Even in the Midst of COVID-19, Russia is Undeterred, and this Shouldn’t be a Surprise


As we struggle for a sense of normalcy during this pandemic, we can draw comfort from certain constants in life. One of those constants is Russian nation-state hacking. A recent public report from the United Kingdom's National Cyber Security Centre (NCSC) and Canada's Communications Security Establishment (CSE) documented a pattern of activity from an all-too-familiar Russian hacking organization known within the industry by its nom de guerre, Fancy Bear. Fancy Bear, aka APT 29, is accused of penetrating certain organizations in the West and attempting to steal COVID-19-related vaccine research. The report, which was endorsed by the National Security Agency and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (DHS CISA) in the United States, lays out strong evidence that Fancy Bear is targeting intellectual property associated with COVID-19 research. The report also sends a strong message that the US, UK, and Canada are aware of, and are publicly acknowledging, Fancy Bear's efforts.

Takeaways:

Maybe this was Russia's way of collaborating. Perhaps our friends at the Kremlin – facing COVID-19 challenges themselves – felt their best contribution to the international effort was to do what they do best – steal things. The conclusion of the report states: "APT29 (Fancy Bear) is likely to continue to target organisations involved in COVID-19 vaccine research and development, as they seek to answer additional intelligence questions relating to the pandemic." I think it's safe to say that is an understatement.

I have three immediate thoughts:

  • There's no surprise here. This is what Russian hackers do. When security researchers discuss nation-state threats, Russia is always number one or number two, depending on how you count it. It's mildly interesting that the aim of these attacks has been to steal intellectual property rather than state secrets, but truly, that isn't much of a pivot. The same capabilities that enable them to steal weapon-system design documents can be used to target COVID-19 vaccine research.
  • Medical R&D organizations need bank-level security. Now that these COVID-19-related attacks have been documented, research organizations will have to dramatically step up their cybersecurity game. The stakes could not be higher. If the intellectual property associated with a COVID-19 vaccine fell into the hands of the Russians (or other hostile nation-state actors) and vaccines were mass-produced in those countries, years' worth of profits could be put in jeopardy. To address this more sophisticated threat, research organizations will have to increase their network defenses, training, and monitoring so that, from a security perspective, they look more like a bank and less like a science lab.
  • Left undeterred, the Russians will continue unabated. I anticipate more of this behavior by Fancy Bear and, by extension, the Russian government. There is no downside and apparently no repercussions will be doled out for continued hacking attempts against different industry sectors in the West. Sadly, I don't see how these groups sit out the November presidential election either. I predict they will be actively engaged throughout the fall election to further undermine the credibility of the results through social engineering, robo-texts, DDoS attacks, etc.

We should not be surprised by the news that the Russians are hacking COVID-19 research organizations, and we should assume that their efforts will continue unabated until the price they pay for such activities becomes too high. I recommend we prepare ourselves for many more reports like this from our intelligence and cyberdefense agencies and further "up" our security game to prepare for the day when our own organization becomes a target.

About John Dickson


John Dickson is an internationally recognized security leader, entrepreneur and Principal at Denim Group, Ltd. He has nearly 20 years' hands-on experience in intrusion detection, network security and application security in the commercial, public and military sectors. As a Denim Group Principal, he helps executives and Chief Security Officers (CSOs) of Fortune 500 companies, including major financial institutions, launch and expand their critical application security initiatives.
