Editorial: Russian hackers, Covid vaccines and the phishing plot

A person receives a shot in the first-stage safety study of a potential vaccine by Moderna for Covid-19 in Seattle, the United States. Photo / AP

EDITORIAL

It says something about the world in 2020 that good news of progress on vaccines for Covid-19 comes with a dark subplot.

Britain has accused Russia of trying to steal coronavirus research secrets in cyber attacks on drug firms and researchers in the UK, the US and Canada.

Britain's security minister James Brokenshire blamed "Russian intelligence agencies". Dmitry Peskov, a spokesman for President Vladimir Putin, said: "Russia has nothing at all to do with these attempts".

The UK has two teams at work on a vaccine at Oxford University and Imperial College London. Both have reportedly been targeted.

Questions hang over the development and distribution of any successful vaccine but there's not much doubt the money to be made would be huge. A vaccine protecting against Covid-19 would be wanted by all countries and billions of people.

Last week, vaccine projects reported on early promising results. US biotech company Moderna said a small study had shown good results and a larger trial would be under way before the end of the month.

Oxford researchers said they had made a breakthrough and suggested a vaccine could be ready as soon as October.

On Thursday, the head of Russia's sovereign wealth fund, Kirill Dmitriev, said a Russian vaccine would be approved in August.

Britain's National Cyber Security Centre then claimed Russia had used a technique known as "spearphishing" to send malware-laced personalised emails to UK lab staff. News of the cyber attack was released jointly by the UK, US and Canadian intelligence services. The statement seemed intended to push potential hacking targets into boosting their protection.

In May, the US Department of Homeland Security's cybersecurity agency warned Covid-19 studies were being targeted by hackers.

The NCSC identified the hackers as APT-29, also known as Cozy Bear and The Dukes - previously linked to assaults on the Pentagon and America's Democratic Party before the 2016 US presidential election. Homeland Security said the group was part of the Russian intelligence service.

Hackers have been visibly busy, with high-profile Twitter accounts breached five days ago. Public figures appeared to offer US$2000 for every US$1000 sent to an anonymous Bitcoin address.

Fake tweets were sent from the accounts of former US President Barack Obama and the US presidential front-runner, former Vice-President Joe Biden. Billionaires Mike Bloomberg, Jeff Bezos, Bill Gates and Elon Musk were also hacked.

The New York Times interviewed two people purportedly linked to the security meltdown, both of whom cited a hacker who went only by the name of "Kirk".

As the world collectively struggles against a pandemic that has killed 600,000 people and infected more than 14 million, uncertainty about the reliability and availability of vaccines is an unwelcome development. The Twitter break-in also reveals the risk of dangerous disinformation being released on a social media platform with unknown consequences.

The account of US President Donald Trump was not targeted but his account is closely followed and reported on.

We have no way of knowing what motivates APT-29 or "Kirk" but the potential implications are frightening. It also, once again, raises the spectre of foreign interference in this year's US election.

This difficult year may yet have a twist in its tail.