On July 16, the United States, the United Kingdom, and Canada accused a hacking group from Russia of attempting to steal information on potential COVID-19 vaccines. The group's name is already familiar to cybersecurity experts.
Getting their hands on the vaccine
Advanced Persistent Threat 29, or APT-29, also known as Cozy Bear, is one of two hacking groups that cybersecurity researchers have linked to the intelligence services of Russia.
ABC News said the group has been accused of interfering with the U.S. presidential election back in 2016. Researchers and cybersecurity experts had suggested that APT-29 is directed by the FSB, the domestic intelligence service of Russia.
But now they have come to believe that APT-29 is being directed by the SVR or the foreign intelligence service. APT-29 is said to have tried to steal confidential information and intelligence from political groups, activists and think tanks.
The group became known in the United States after they allegedly hacked the computers of the committee that works for the Democratic Party. Back in 2016, APT-29 was accused of hacking into the servers of the Democratic Party.
A second hacking group, APT-28, was also in on the hacking. APT-28, or Fancy Bear, is linked to the GRU, the military intelligence agency of Russia. They were also accused of stealing emails and data from the Democratic Party and then leaking them online.
Cozy Bear, on the other hand, was described by researchers as more discreet. The two hacking groups duplicated some of each other's efforts, which suggested that they were unaware of each other's operations.
In 2018, Dutch media reported that AIVD, or the intelligence service of the Netherlands, had successfully managed to break into the computers that were used by APT-29. It was located in a university building close to the Red Square in Moscow, as reported by the Associated Press.
AIVD's hackers had compromised the group since 2014, which allowed them to watch in real time the attacks carried out by APT-29, including those around the 2016 U.S. presidential election.
According to the Dutch hackers, they were able to access a CCTV camera overlooking the building, so they were able to identify those who were inside. They shared the information with the National Security Agency and the FBI.
In 2017, Norwegian police said Cozy Bear targeted numerous government ministries and the left-wing Labor party of the country. Also, the Dutch government ordered votes in Holland's general election to be counted by hand after Dutch intelligence said that Russian hackers had targeted ministries.
APT-29 is also known for phishing. The hackers would send emails to social media users, and once a user clicks on the links, malware is delivered onto the computer of the unsuspecting user. They steal login credentials and personal data.
In 2015, more than 1,000 people received emails with malware. It was months before the 2016 U.S. presidential election, and the FBI and the Department of Homeland Security found out that it was APT-29 who spread those emails. The login credentials and personal data may have been used to interfere with the result of the election.