OTTAWA -- Russia has tried to steal information and intellectual property from researchers working on a COVID-19 vaccine, cyber security agencies in Canada, the United States, and the United Kingdom are alleging.

The major national security and intelligence threat was identified by the three countries as the result of “Russian cyber threat activity” directed at organizations that are doing research into and development of COVID-19 vaccines and treatment.  

“These malicious cyber activities were very likely undertaken to steal information and intellectual property relating to the development and testing of COVID-19 vaccines, and serve to hinder response efforts at a time when healthcare experts and medical researchers need every available resource to help fight the pandemic,” said the Communications Security Establishment (CSE) in a statement.

The top cyber and national security agencies—including the U.S. National Security Agency (NSA) and the Department of Homeland Security—jointly allege that APT29, also known as “the Dukes” or “Cozy Bear,” which the agency says “almost certainly operates as part of Russian intelligence services,” was responsible for the malicious activity.

In a technical advisory released Thursday, the agencies spell out how the Russian actors used malware known as “WellMess” and “WellMail” to target global organizations by scanning computer IP addresses for potential vulnerabilities to access information like login credentials.

“This broad targeting potentially gives the group access to a large number of systems globally, many of which are unlikely to be of immediate intelligence value. The group may maintain a store of stolen credentials in order to access these systems in the event that they become more relevant to their requirements in the future,” reads the advisory.

“The group uses a variety of tools and techniques to predominantly target governmental, diplomatic, think-tank, healthcare and energy targets for intelligence gain,” according to the U.K.’s National Cyber Security Centre (NCSC).

As The Canadian Press has reported, a spokesperson for Russian President Vladimir Putin has denied the accusations, saying Russia does not have any information about who may have hacked these organizations and stating plainly, “Russia has nothing to do with those attempts.”

In a late afternoon press conference, Public Safety Minister Bill Blair hinted that while Russia has been named in this instance, there are other foreign actors who have their sights set on Canadian COVID-19 intellectual property.


Defence Minister Harjit Sajjan praised the agencies for calling out the “bad behavior” and deterring other malicious foreign actors from targeting Canadian intelligence.

NCSC Director of Operations Paul Chichester condemned the “despicable attacks” against those working to combat the ongoing novel coronavirus pandemic.

British Foreign Secretary Dominic Raab said that the U.K. stands with Canada and the U.S. “against the reckless actions of Russia’s intelligence services, who we have exposed today for committing cyberattacks against those working on a #Covid19 vaccine.” He said the hackers sought to undermine the international work underway to defeat the pandemic that to date has killed nearly 585,000 people worldwide. 

It remains unclear whether the attempts were successful in stealing any information. In a statement to CTV News, CSE said that, with regard to these hacking attempts, the agency is offering support and mitigation services “to limit impacts to targeted organizations.”

“On any given day, CSE's dynamic defence capabilities block up to two billion reconnaissance scans on these systems,” CSE spokesperson Evan Koronewski said in the statement, referring to the Government of Canada's systems. 

The three countries are now imploring all research facilities and other agencies involved in coronavirus research to take further actions to protect their information and contact CSE’s Cyber Centre if they suspect they have been targeted. 

As The Associated Press has reported, “Cozy Bear” was identified by U.S. security officials as one of the two Russian-linked groups responsible for the hack into the Democratic National Committee computer network that resulted in the leak of Hillary Clinton campaign emails ahead of the 2016 U.S. presidential election.


This comes after CSE and the Canadian Security Intelligence Service (CSIS) issued a warning in May that Canadian intellectual property related to COVID-19 research and testing was at an elevated risk for foreign-backed hacking or other malicious activity.

At the time the agencies said that during the pandemic they had already seen an increased risk of foreign interference and espionage related to the work being done by Canadian researchers, though they would not comment on specific operations, or which foreign actors posed a concern.

The federal government has committed more than $1 billion towards a national medical and research strategy to combat the novel coronavirus that is seeing labs across the country expand their capacity to study the virus, possible treatments or vaccines, and its spread among the population.

The funding includes millions of dollars for developing and producing vaccines and treatments in Canada, supporting similar work in other nations, as well as studying immunity and serology testing.

On Wednesday Prime Minister Justin Trudeau and several other world leaders put out a call to global leaders to “commit to an equitable distribution of an eventual COVID-19 vaccine.” 

“We will ensure every step of the way… to protect Canadian intellectual property and to protect the hard work of our researchers and ensure that we're doing everything right. But at the same time, we recognize the need for global collaboration in order to get through this global pandemic and we will get that balance right,” Trudeau told reporters on Thursday.