As government agencies in the USA, Canada and Great Britain announced, the Russian hacker group APT29 or The Dukes, as they are called in some circles, has targeted organizations that are researching vaccines against the coronavirus.
Speaking to Bloomberg, Artturi Lehtiö, director of strategy and corporate development at F-Secure and lead researcher on a 2015 analysis of the group's activities, said these types of organizations were not traditional targets for The Dukes. He also stressed, however, that the attacks are in line with The Dukes' alignment with national security interests, of which the coronavirus pandemic is undoubtedly a part.
According to a report published by the UK's NCSC, The Dukes are using public exploits against unpatched software to gain a foothold in systems. After this initial access, they use malware to steal and exfiltrate data from their targets. The report also states that The Dukes are using spear phishing - such as in the video below - to manipulate users into revealing their credentials.
Artturi points out that while The Dukes have compromised research organizations such as universities in the past, the main purpose of those intrusions was to use them as a stepping stone for attacks on organizations more directly connected to governments. In this case, Artturi believes that The Dukes' sudden interest in intellectual property theft, driven by the severity of the pandemic in Russia, could signal a shift in their priorities.
“APT29 typically focuses on intelligence information to inform national and security policy, rather than on intellectual property theft. However, COVID-19 could be such an important national security priority for Russia that it needs all available forces to do so. If you ask me, the fact that APT29 has targeted universities in the past has, to the best of our knowledge, been a stepping stone to combat expert commissions, and ultimately government goals. But since they previously had access to these other networks, this may now be used for this new priority as well.”
More on this in the F-Secure.com blog
Via F-Secure