An advisory published by the united kingdom National Cyber Security Centre (NCSC) details activity by the Russian hacking group and explicitly calls out efforts to a target US, UK and Canadian vaccine research and development organizations.

Cozy Bear is 1 of 2 hacking groups linked to Russian intelligence that’s believed to have accessed the Democratic National Committee’s internal systems in the lead-up to the 2016 US election, but Thursday’s announcement is the first-time this group has been named in connection to cyberattacks related to the coronavirus pandemic.

The US, UK and Canadian authorities have issued a few warnings about state-backed cyberattacks in recent month.

In May, the three countries issued an advisory warning of ongoing cyberattacks against companies involved in the coronavirus response, including health care bodies, pharmaceutical businesses, academics, medical research companies and municipality.

Hospitals, research laboratories, medical care providers and pharmaceutical businesses have all been hit, officials say, and the US Department of Health and Human Services — which oversees the Centers for Disease Control and Prevention — has been struck with a surge of daily strikes, an official with direct familiarity with the attacks previously told CNN. The NCSC, which is the UK’s lead technical authority on cyber security and part of the UK’s Government Communications Headquarters (GCHQ), assessed that APT29 “almost certainly operate as part of Russian Intelligence Services”. This assessment is also supported by partners at the Canadian Communication Security Establishment (CSE), the US Department for Homeland Security (DHS) Cybersecurity Infrastructure Security Agency (CISA) and the National Security Agency (NSA), the NCSC said. “APT29’s campaign of malicious activity is ongoing, predominantly against government, diplomatic, think tank, healthcare and energy targets to steal valuable intellectual property,” according to a press release. “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” NCSC Director of Operations, Paul Chichester, said in a statement. “Working with your allies, the NCSC is committed to protecting our most important assets and our priority at this time is always to protect medical sector. “We would urge organizations to familiarize themselves with the advice we have published to help defend their networks.” The press release said the NCSC has previously warned that APT (Advanced Persistent Threats) groups have already been targeting companies involved in both national and international Covid-19 responses. APT29 works on the variety of tools and practices, including spear phishing and custom malware known as “WellMess” and “WellMail”, according to the NCSC. The report figured: “APT29 is likely to continue to target organisations involved in COVID-19 vaccine research and development, as they seek to answer additional intelligence questions relating to the pandemic.”

