- U.S., U.K., and Canadian agencies are accusing Russia of stealing research into a COVID-19 vaccine through known cyber attack exploits.
- In a report published Thursday, the three nations officially stated for the first time that the group known as Cozy Bear is a part of Russian intelligence services, a group known for targeting the DNC during the 2016 election.
- However, it’s unlikely that any damage was actually done to research since the goal seems to have been to steal data for Russian use.
- The report never stated if any data was actually stolen or not.
Cyber Attacks Against COVID-19 Research
Intelligence and security agencies from the United States, United Kingdom, and Canada accused Russian intelligence services of instigating cyber attacks against research facilities that are trying to find a COVID-19 vaccine.
In a report published Thursday titled “Advisory: APT29 targets COVID-19 vaccine development,” the U.K. National Cyber Security Centre, Canada’s Communications Security Establishment, and the U.S. National Security Agency wrote, “Throughout 2020, APT29 has targeted various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines.”
It also states that APT29 is just another name for a famous group of cyber attackers, writing “this report details recent Tactics, Techniques, and Procedures of the group commonly known as ‘APT29’, also known as ‘the Dukes’ or ‘Cozy Bear’.”
The name Cozy Bear may sound familiar because its the same group accused of hacking the Democratic National Convention during the 2016 election.
This report, for the first time, clearly states that the Canadians, British, and Americans officially think Cozy Bear “is a cyber espionage group, almost certainly part of the Russian intelligence services.” While the group has long been assumed to be a part of the Russian security services, in the past it was only ever officially referred to as a “state-backed actor.”
This report follows a similar story from May when the U.S. and U.K. accused “state-back actors” of targeting organizations responding to the coronavirus pandemic with cyber attacks. However, at the time the names of the groups involved were never released.
How Did Cozy Bear Attack?
According to this recent report, Cozy Bear gained access to computers and systems through a variety of methods. Some of these are well known to the public, while others are believed to have been put into the public domain for the first time ever with this report.
Many of these attacks stem from gaining access to machines through well-known security exploits. Most of the exploits have been patched over the last two years, and the report urges companies and organizations to ensure they are up to date.
After gaining access, the attackers would use a malware called SoreFang, which is essentially just a downloader that allows the attacker to put more malware onto a computer. The two other prominent malware mentioned in the report are WellMess and WellMail.
WellMess was discovered in 2018 and allows the hackers to upload and download files from a victim’s computer. While WellMail allows the hacker to execute scripts on a victim’s machine and send that data to a server. The report also states that to their knowledge, information about WellMail hasn’t been in the public domain until today.
Other hacking methods include one of the oldest tricks in the book: phishing. Phishing and Spear Phishing are when a cyber attacker tries to trick someone to give their login credentials. This can be through generic emails pretending to be from an organization, or a more personalized email.
Damage Done to Research
Thursday’s report doesn’t state if research efforts into a COVID-19 vaccine were hampered, nor does it name any specific facilities that were targeted. Yet, it doesn’t seem like any damage was actually done. According to The New York Times, “Outside experts said it appeared that the Russians were simply copying information, not trying to damage the research organizations.”
One of those experts is Mike Chapple, an associate professor teaching cybersecurity at Notre Dame, who said: “The potential harm here is limited to commercial harm, to companies that are devoting a lot of their own resources into developing a vaccine in hopes it will be financially rewarding down the road.”
It’s not too shocking that information that could help Russia develop their own vaccine would be targeted as the country has been hit hard by the coronavirus. Initially, Russian agencies stated they had no cases at all and had it under control; however, now they report cases. As of July 16, there’s been over 750,000 confirmed cases and nearly 12,000 deaths.
Even if the hacks likely didn’t actually affect the progress of research, it didn’t stop officials from being upset about them. British Foreign Minister Dominic Raab said in a statement, “While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
While the NSCS’ Director of Operations, Paul Chichester, condemned the attacks. “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” he said.
Despite the indignation from the U.S., U.K., and Canada, Chapple noted to The New York Times that there’s a chance those three were doing the same to other countries.
“It wouldn’t surprise me if intelligence services of all nations are doing this same kind of thing and using the information to advance their research against coronavirus,” he added.
For their part, Kremlin spokesman Dmitry Peskov denied the allegations, telling the Russian news agency RIA that the allegations were not backed by proper evidence.
See what others are saying: (BBC) (The New York Times) (Reuters)
Petition Calls for Ban on Sexualized Fanfiction in South Korea
- A petition circulating across South Korea calls for sexualized fanfiction depicting K-pop stars and other real people to be outlawed and classified as sex crimes.
- The petition particularly focuses on the way male stars are depicted in same-sex relationships and argues that they often feature people who are minors.
- A similar petition was submitted last week to President Moon Jae-in; however, it focused on deep fakes. Because both petitions have over 200,000 signatures, they will need to be addressed by President Moon.
K-Pop Fanfiction Causes Chaos
A petition began circulating across South Korea this week demanding that “real person slash” fanfiction works be outlawed and charged as sex crimes.
“Real person slash” refers to a specific form of fanfiction that most often features sexualized versions of K-pop stars and other real people.
In particular, the petition focuses on the way male stars are depicted in same-sex relationships and the age of some of the people being portrayed. The petition notes, “due to the nature of the profession of idols, whose average age is young, many of the victims are still minors or children.”
The petition was submitted to the Blue House, South Korea’s version of the White House, and currently has over 200,000 signatures. It received a big boost in attention after K-pop star Nancy, from the group Momoland, was secretly filmed by a member of her agency while she was changing backstage. This person then doctored some of the images and uploaded them online.
While Nancy’s case isn’t hand-drawn fanfic, it did fuel outrage at what’s seen as an ineffective approach towards sex crimes in the country. Signers of this petition believe that these fanfics fall into the same category of likely illegality as deep fakes.
Deep Fakes Also Being Targeted
Additionally, just last week deep fakes – which often feature k-pop stars – had its own petition submitted to the president last week with over 300,000 signatures.
Because both petitions have over 200,000 signatures, they will need to be addressed by President Moon Jae-in
For years South Korea has struggled with secret cameras, deep fakes, revenge porn, and more violent sex crimes, such as the infamous Nth Room case that saw certain stars filming themselves having sex with women against their consent.
See What Others Are Saying: (CNA) (The Korea Herald) (South China Morning Post)
Italy Begins Largest Mob Trial in Decades
- Italian prosecutors have started their trial against more than 320 defendants linked to the ‘Ndrangheta crime syndicate.
- The charges range from murder and drug trafficking to extortion and money laundering.
- The case is so large, high-profile, and potentially dangerous that the government built a bunker for the event in Calabria, the home territory of the ‘Ndrangheta.
- Details uncovered could deliver a massive blow to organized crime in Italy and potentially across the world as the ‘Ndrangheta has major dealings in Europe, Australia, and the Americas.
Hundreds of ‘Ndranghetisti Facing Charges
A major mob trial kicked off in Italy Wednesday involving more than 320 defendants who are part of or associated with the ‘Ndrangheta crime syndicate.
In addition to these defendants going on trial, 90 others have elected for a fast-tracked trial elsewhere in Calabria.
While this is a massive affair, it’s still not the country’s largest mob-related trial in history. That happened in the ’80s against the Cosa Nostra from Sicily.
The trial is so high-profile and potentially dangerous that the government built a bunker for the event in Calabria, close to the home territory of the ‘Ndrangheta.
The court is looking at many charges against the defendants, including extortion, drug and arms trafficking, money laundering, and Mafia association – a term used in Italy’s penal code for members of organized crime.
Breaking Into the Family
Investigators hope that the trial will show just how entrenched organized crime is in the territory, as it’s believed that the ‘Ndrangheta has dealings with local politicians and businessmen. These dealings are believed to not only stem from their illicit activities but also from their legitimate businesses that were initially funded via crime-related funds. Either way, the trial is seen as a major blow for the group.
The organization is made up of multiple groups of tight-knight families that are all interconnected. For years investigators have tried to get more information on the group but following the arrest and prosecution of Luigi Mancuso, a boss in the ‘Ndrangheta, investigators finally had a way to look more closely at 12 families who make up part of the ‘Ndrangheta.
During their investigation police and prosecutors managed to turn some members of those families and use them as informants. They are expected to take the stand as witnesses during the trial. In total, prosecutors hope to put bring out over 900 witnesses.
If successful, this could be a massive blow to organized crime in Italy and potentially across the world as the ‘Ndrangheta has major dealing in Europe, Australia, and the Americas.
See What Others Are Saying: (ABC News) (LA Times) (Chicago Tribune)
Hundreds Sickened By Mysterious Illness in India
- A mystery illness has hospitalized over 500 people in India and is linked to one death. While most people have recovered and been discharged from the hospital, under 100 people are still being treated.
- Health officials believe that it is not a viral infection and that it is not tied to the coronavirus pandemic. One official told The Washington Post that it is a “point source epidemic,” but no one knows what is causing it.
- Blood tests showed patients had high levels of lead and nickel and officials are trying to find what is behind that. Some are also pointing to pesticides used in mosquito treatment as a potential cause behind the outbreak.
- Still, health officials are puzzled, and the situation comes while India currently trails the United States as the country with the most coronavirus cases. This mystery outbreak is also occurring in one of the hardest-hit states.
Mystery Illness in India
Health officials are still looking for what might be causing a mysterious illness that has sickened hundreds of people this month in India.
The unidentified illness has put over 500 people in the hospital and taken one life. Most patients have been discharged and recovered but under 100 are still being treated. The disease was first reported on Sunday, and new instances have gone down since the start of the week.
The outbreak started in the state of Andhra Pradesh. Symptoms range from nausea to anxiety to loss of consciousness, and in some cases, seizures. Some reports say the patient who died suffered from a seizure. Others note they may have fallen as well.
Many patients describe the sickness as hitting them quickly and suddenly as they were going about their day. Some got foggy vision, sore eyes, or incredibly tired before passing out. Many woke up in the hospital and were left with a gap in their memory.
While the cause of this disease is unknown, health officials do not believe it is tied to the coronavirus in any way as no patients have tested positive. The illness is also not believed to be a viral infection of any kind.
“What has been established by experts is that this is a case of acute intoxication of toxins. It is not chronic in nature. This is all we know for now,” one high-ranking official told The Washington Post.
Because cases are already slowing significantly, some believe it might have stemmed from an isolated source or event.
“This is a point source epidemic,” another official told the Post. “Whatever happened, occurred for one particular day and some people got affected. The number of new patients has dropped.”
What that source or event may have been remains a mystery that officials are eager to solve. So far, no commonalities have been found between the patients as they all live in different places, are of different ages, and do not test positive for other kinds of illnesses that could be causing or contributing to this outbreak. Clues are beginning to emerge, though.
One medical official told Al Jazeera that high lead and nickel levels were found in the blood tests of patients. So far, ten have been tested and another 30 will be tested shortly. At first officials thought these levels may have been a result of water contamination, but after water tests were conducted, neither lead nor nickel were found.
Water contamination as a whole has not been ruled out though.
“Health experts suspect that excessive use of bleaching powder and chlorine in sanitation programmes as part of Covid-19 prevention measures may be the cause of water contamination,” the Health Minister of Andhra Pradesh told the Indian Express. “This is just one of the causes we are exploring.”
Another theory at play stems from the fact that organochlorines, which are used as pesticides in mosquito control, were found in some water samples. One of the federal legislators in the state believes that the sickness could be tied to that. A public health director confirmed to Al Jazeera that “it is one of the possibilities.”
Timing With COVID-19
Still, all these ideas simply remain possibilities and officials have far more questions than they have answers about this situation. Health officials from the country and the World Health Organization have established a presence in Andhra Pradesh to get to the bottom of the situation.
The timing of this outbreak is unfortunate as the coronavirus pandemic continues to spread through India. While daily cases are much lower than they were when it peaked in September in the country, it still remains an issue.
India is behind the United States in seeing the second-highest number of COVID-19 cases, totaling 9.7 million infections. Around 141,000 people have died in the country. In August, their outbreak was the fastest growing in the world. Andhra Pradesh is among the hardest-hit states in the country.
Hope is on the horizon as India, like many other countries, could be on track to approve a vaccine within weeks. According to Reuters, health officials will prioritize 300 million people, including healthcare workers, policemen, and those above the age of 50.