Russia has been accused by Downing St of launching a “despicable” operation to steal Britain’s coronavirus vaccine secrets in a state-sponsored cyber attack.
Both Oxford University and Imperial College London, the two British teams trying to develop a vaccine, are understood to have been targeted, with security sources refusing to say whether any of the attempts to steal information had been successful.
The National Cyber Security Centre (NCSC) said it had the “highest level of confidence” the Kremlin was behind the “ongoing” attack, which was also verified by the US and Canada.
The announcement came hours after Russia announced its intention to produce 200million doses of an “experimental” vaccine this year, fueling suspicions that it could have been successful in stealing information from one of the laboratories across the world that were targeted.
The NCSC said the hack was part of an ongoing campaign of “malicious activity” that began in around February or March when coronavirus became an international pandemic.
Intelligence sources said knowledge of the attacks “is at the highest levels” in Russia, directly implicating President Vladimir Putin in the plot.
The news ramped up tensions with Russia, which has already been accused of previous state-sponsored cyber attacks, including an attack on the UK energy grid on the day of the 2017 general election.
The Prime Minister’s official spokesman said: “The attacks which are taking place against scientists and others doing vital work to combat coronavirus are despicable.
“Working with our allies, we will call out those who seek to do us harm in cyber space and hold them to account.” The Russian Embassy in London fired a warning shot across Number 10’s bows by saying it would “respond appropriately to any unfriendly British actions against Russia”.
The NCSC named the hackers as a group called APT-29, better known by the nicknames Cozy Bear and The Dukes, which have previously been behind attacks on the Pentagon and the Democratic Party in the US.
It said for the first time that the group was part of the Russian intelligence service. The graphic below shows how the hacking could work.
Separately, Dominic Raab, the Foreign Secretary, said “Russian actors” had also tried to “interfere” with the 2019 general election by repeatedly promoting online a leaked document that was touted by Jeremy Corbyn at a press conference days before the poll.
The Telegraph first linked the online “amplification” of the US-UK trade talks document to the Kremlin in December, and on Thursday Mr Corbyn was described as a “useful idiot” for Russia by an international think-tank.
The global race to develop a coronavirus vaccine not only promises a coup for the country that gets there first, but could also prove highly lucrative, making it a race Russia would dearly like to win.
On Wednesday researchers at Oxford University said they had made a breakthrough in their attempt to develop a vaccine, which they suggested could be ready as early as October, seemingly putting Britain ahead of the rest of the world.
Then on Thursday morning Kirill Dmitriev, the head of Russia’s sovereign wealth fund, announced that the Russian vaccine would be approved in August “making it possibly the first vaccine to be approved in the world”.
Within hours the NCSC had released details of Russia’s attempts to breach the security of the UK vaccination programme, which used a technique known as spear phishing to send personalised emails to staff in the labs which appeared to be from a trusted source but which in fact contained so-called “malware” designed to infiltrate computer servers.
Mr Raab described the attacks as “completely unacceptable” but has so far stopped short of summoning the Russian ambassador to the Foreign Office.
Security sources said they were “not aware” of any data being stolen from UK labs by the cybercriminals, but could not categorically rule it out. They said the attacks were highly targeted on individuals, and there had been “not huge numbers” of hacking attempts.
News of the cyber attack was released in a joint statement by the UK, US and Canadian intelligence services.
They said APT-29 - short for Advanced Persistent Threats - was waging a “campaign of malicious activity [which] is ongoing, predominantly against government, diplomatic, think-tank, healthcare and energy targets to steal valuable intellectual property”.
The NCSC said it had the “highest level of confidence in attribution”.
As long ago as May the NCSC - part of GCHQ - warned that international cybercriminals were targeting healthcare bodies around the world involved in the coronavirus response.
In Thursday's report, the NCSC, America’s National Security Agency and Canada’s Communications Security Establishment said that: “Throughout 2020, APT-29 has targeted various organisations involved in Covid-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of Covid-19 vaccines.”
It said the group was “weaponising” vulnerabilities in the computer systems of labs, using custom malware known as WellMess and WellMail to target the organisations.
Paul Chichester, the NCSC Director of Operations, said protecting the health sector had now become the agency’s “top priority”.
Whitehall sources said the investigation into Russian hacking involved cyber teams from GCHQ, MI5, MI6, and NCSC.
Sources said there was no evidence of Russian hackers travelling to the UK to carry out the attacks. "This has been done from Russia," said the source, "This is classic Russian modus operandi, an attempt to steal our intellectual property."
Mr Raab said it was "almost certain" Russian "actors" were involved in promoting "stolen" Government documents relating to trade talks with the US which appeared on the internet site Reddit last year.
The documents were cited by then Labour leader Jeremy Corbyn as proof the Conservatives were preparing to open up the NHS to US pharmaceutical companies.
Mr Raab said: "On the basis of extensive analysis, the Government has concluded that it is almost certain that Russian actors sought to interfere in the 2019 general election through the online amplification of illicitly acquired and leaked Government documents."
Mr Raab's statement came as the newly formed parliamentary Intelligence and Security Committee announced it would release a long-awaited report into Russian interference in UK politics before Parliament breaks next week for the summer.
The Prime Minister's official spokesman dismissed as "nonsense" suggestions that the information on Russian cyberattacks had been published ahead of that report in order for the Government to appear “tough” on Russia.
Russian Ministry of Foreign Affairs spokeswoman Maria Zakharova dismissed Mr Raab’s claims as "ambiguous" and "confusing".
She said: “At this juncture it is premature to make any statements on our behalf, but let me say this: this statement is so ambiguous and so confusing that it is unclear what they are trying to say.”
Kremlin spokesman Dmitry Peskov said: “We have no information on who could have hacked pharmaceutical companies and research centres in Britain. We can only say this: Russia has nothing to do with these attempts."
Mr Dmitriev said: "This whole story, I think, is an attempt to tarnish the reputation of the Russian vaccine by some of the people who are scared of its success, because the Russian vaccine potentially could visit first to the market. And it potentially could be the most effective vaccine out there."
Mr Corbyn on Thursday night said the claims were an attempt to divert attention “from the threat to the NHS and the Tory party links to Russian oligarchs expected to be revealed in the longburied parliamentary Russia report.”