- U.S., U.K., and Canadian agencies are accusing Russia of stealing research into a COVID-19 vaccine through known cyber attack exploits.
- In a report published Thursday, the three nations officially stated for the first time that the group known as Cozy Bear is a part of Russian intelligence services, a group known for targeting the DNC during the 2016 election.
- However, it’s unlikely that any damage was actually done to research since the goal seems to have been to steal data for Russian use.
- The report never stated if any data was actually stolen or not.
Cyber Attacks Against COVID-19 Research
Intelligence and security agencies from the United States, United Kingdom, and Canada accused Russian intelligence services of instigating cyber attacks against research facilities that are trying to find a COVID-19 vaccine.
In a report published Thursday titled “Advisory: APT29 targets COVID-19 vaccine development,” the U.K. National Cyber Security Centre, Canada’s Communications Security Establishment, and the U.S. National Security Agency wrote, “Throughout 2020, APT29 has targeted various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines.”
It also states that APT29 is just another name for a famous group of cyber attackers, writing “this report details recent Tactics, Techniques, and Procedures of the group commonly known as ‘APT29’, also known as ‘the Dukes’ or ‘Cozy Bear’.”
The name Cozy Bear may sound familiar because its the same group accused of hacking the Democratic National Convention during the 2016 election.
This report, for the first time, clearly states that the Canadians, British, and Americans officially think Cozy Bear “is a cyber espionage group, almost certainly part of the Russian intelligence services.” While the group has long been assumed to be a part of the Russian security services, in the past it was only ever officially referred to as a “state-backed actor.”
This report follows a similar story from May when the U.S. and U.K. accused “state-back actors” of targeting organizations responding to the coronavirus pandemic with cyber attacks. However, at the time the names of the groups involved were never released.
How Did Cozy Bear Attack?
According to this recent report, Cozy Bear gained access to computers and systems through a variety of methods. Some of these are well known to the public, while others are believed to have been put into the public domain for the first time ever with this report.
Many of these attacks stem from gaining access to machines through well-known security exploits. Most of the exploits have been patched over the last two years, and the report urges companies and organizations to ensure they are up to date.
After gaining access, the attackers would use a malware called SoreFang, which is essentially just a downloader that allows the attacker to put more malware onto a computer. The two other prominent malware mentioned in the report are WellMess and WellMail.
WellMess was discovered in 2018 and allows the hackers to upload and download files from a victim’s computer. While WellMail allows the hacker to execute scripts on a victim’s machine and send that data to a server. The report also states that to their knowledge, information about WellMail hasn’t been in the public domain until today.
Other hacking methods include one of the oldest tricks in the book: phishing. Phishing and Spear Phishing are when a cyber attacker tries to trick someone to give their login credentials. This can be through generic emails pretending to be from an organization, or a more personalized email.
Damage Done to Research
Thursday’s report doesn’t state if research efforts into a COVID-19 vaccine were hampered, nor does it name any specific facilities that were targeted. Yet, it doesn’t seem like any damage was actually done. According to The New York Times, “Outside experts said it appeared that the Russians were simply copying information, not trying to damage the research organizations.”
One of those experts is Mike Chapple, an associate professor teaching cybersecurity at Notre Dame, who said: “The potential harm here is limited to commercial harm, to companies that are devoting a lot of their own resources into developing a vaccine in hopes it will be financially rewarding down the road.”
It’s not too shocking that information that could help Russia develop their own vaccine would be targeted as the country has been hit hard by the coronavirus. Initially, Russian agencies stated they had no cases at all and had it under control; however, now they report cases. As of July 16, there’s been over 750,000 confirmed cases and nearly 12,000 deaths.
Even if the hacks likely didn’t actually affect the progress of research, it didn’t stop officials from being upset about them. British Foreign Minister Dominic Raab said in a statement, “While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
While the NSCS’ Director of Operations, Paul Chichester, condemned the attacks. “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” he said.
Despite the indignation from the U.S., U.K., and Canada, Chapple noted to The New York Times that there’s a chance those three were doing the same to other countries.
“It wouldn’t surprise me if intelligence services of all nations are doing this same kind of thing and using the information to advance their research against coronavirus,” he added.
For their part, Kremlin spokesman Dmitry Peskov denied the allegations, telling the Russian news agency RIA that the allegations were not backed by proper evidence.
See what others are saying: (BBC) (The New York Times) (Reuters)
Russia Takes Over 900 Azovstal Fighters Prisoner as Mariupol Surrenders
Ukraine said the soldiers successfully completed their mission, but the fall of Mariupol represents a strategic win for Putin.
Azovstal Waves the White Flag
Russia’s foreign ministry announced on Wednesday that it had captured 959 Ukrainians from the Azovstal steelworks, where besieged soldiers have maintained the last pocket of resistance in Mariupol for weeks.
A ministry spokesperson said in a statement that 51 were being treated for injuries, and the rest were sent to a former prison colony in the town of Olenivka in a Russian-controlled area of Donetsk.
The defense ministry released videos of what it claimed were Ukrainian fighters receiving care at a hospital in the Russian-controlled town of Novoazovsk. In one, a soldier tells the camera he is being treated “normally” and that he is not being psychologically pressured, though it is unclear whether he is speaking freely.
It was unclear if any Ukrainians remained in Azovstal, but Denis Pushilin, the head of the self-proclaimed republic of Donetsk, said in a statement Wednesday that the “commanders of the highest level” were still hiding in the plant.
Previously, estimates put the number of soldiers inside Azovstal around 1,000.
Ukraine officially gave up Mariupol on Monday, when the first Azovstal fighters began surrendering.
Reuters filmed dozens of wounded Ukrainians being driven away in buses marked with the Russian pro-war “Z” symbol.
Ukraine’s deputy defense minister said in a Tuesday statement that the Ukrainian prisoners would be swapped in an exchange for captured Russians. But numerous Russian officials have signaled that the Ukrainian soldiers should be tried.
Mariupol Falls into Russian Hands
After nearly three months of bombardment that left Mariupol in ruins, Russia’s combat mission in the city has ended.
The sprawling complex of underground tunnels, caverns, and bunkers beneath Azovstal provided a defensible position for the Ukrainians there, and they came to represent the country’s resolve in the face of Russian aggression for many spectators.
Earlier this month, women, children, and the elderly were evacuated from the plant.
The definitive capture of Mariupol, a strategic port city, is a loss for Ukraine and a boon for Russia, which can now establish a land bridge between Crimea and parts of Eastern Ukraine controlled by Russian separatists. The development could also free up Russian troops around Mariupol to advance on the East, while additional reinforcements near Kharkiv descend from the north, potentially cutting off Ukrainian forces from the rest of the country.
The Ukrainian military has framed events in Mariupol as at least a partial success, arguing that the defenders of Azovstal completed their mission by tying down Russian troops and resources in the city and giving Ukrainians elsewhere more breathing room.
It claimed that doing so prevented Russia from rapidly capturing the city of Zaporizhzhia further to the west.
See what others are saying: (The Guardian) (BBC) (BBC)
Convoy of Up to 1,000 Vehicles Evacuates Refugees From Mariupol as Russian War Effort Stalls
Russia may have lost a third of its ground invasion force since the war began, according to British military intelligence.
Hundreds Make It Out Alive
A convoy of between 500 and 1,000 vehicles evacuating refugees from the southern port city of Mariupol arrived safely in the Ukrainian-controlled city of Zaporizhzhia on Saturday.
People have been trickling out of Mariupol for over two months, but the recent evacuation was the single biggest out of the city thus far. Russian troops, who control most of the city, did not allow the convoy to leave for days, but eventually, they relented.
The convoy first traveled to Berbyansky some 80 kilometers to the west, then stopped at other settlements before driving 200 kilometers northwest to Zaporizhzhia. Many refugees told reporters they took “secret detours” to avoid Russian checkpoints and feared every moment of the journey.
Nikolai Pavlov, a 74-year-old retiree, told Reuters he had lived in a basement for a month after his apartment was destroyed.
“We barely made it,” he said. “There were lots of elderly people among us… the trip was devastating. But it was worth it.”
63-year-old Iryna Petrenko also said she had stayed in Mariupol initially to take care of her 92-year-old mother, who subsequently died.
“We buried her next to her house, because there was nowhere to bury anyone,” she said.
Putin’s Plans Go Poorly
In Mariupol, Ukrainian fighters continue to hold the Azovstal steelworks, the only part of the city still under Ukrainian control.
On Sunday, a video emerged appearing to show a hail of projectiles bursting into white, brightly burning munitions over the factory.
The pro-Russian separatist who posted it on Telegram wrote, “If you didn’t know what it is and for what purpose – you could say that it’s even beautiful.”
Turkey is trying to negotiate an evacuation of wounded Ukrainians from the factory, but neither Russia nor Ukraine have agreed to any plan.
After nearly three months of war, Mariupol has been left in ruins, with thousands of civilians reportedly dead.
“In less than 3 month, Mariupol, one of Ukraine’s fastest developing & comfortable cities, was reduced into a heap of charred ruins smelling death, with thousands of people standing in long breadlines and selling their properties out to buy some food. Less than three months,” Illia Ponomarenko, a reporter for The Kyiv Independent, tweeted.
On Sunday, the United Kingdom’s defense ministry estimated that Russia has likely lost a third of its ground invasion forces since the war began.
Moscow is believed to have deployed as many as 150,000 troops in Ukraine.
The ministry added that Russian forces in Eastern Ukraine have “lost momentum” and are “significantly behind schedule.” Moreover, it said Russia failed to achieve substantial territorial gains over the last month while sustaining “consistently high levels of attrition.”
“Under the current conditions, Russia is unlikely to dramatically accelerate its rate of advance over the next 30 days,” the ministry concluded.
Sweden also signaled on Sunday that it will join Finland in applying for NATO membership.
See what others are saying: (The Daily Beast) (U.S. News and World Report) (The Hill)
Israel Moves to Build Over 4,000 West Bank Settlements as Palestinian Homes Demolished
The Israeli military is proceeding with a plan to evict at least 1,000 Palestinians from the West Bank.
Settlers Get Ready to Move in
On Thursday, a military planning body in the Israeli-occupied West Bank approved the construction of 4,427 housing units, according to the watchdog group Peace Now.
“The State of Israel took another stumble toward the abyss and further deepened the occupation,” Hagit Ofran, an expert at Peace Now, said via the Associated Press.
The plan is the largest advancement of settlement projects since President Joe Biden took office in the United States.
The U.S. opposes settlement expansion and said as much when the plan was first announced last week, but critics say Washington has done little to pressure Israel to stop.
In a statement, U.N. Mideast envoy Tor Wennesland called the settlements a “major obstacle to peace.”
“Continued settlement expansion further entrenches the occupation, encroaches upon Palestinian land and natural resources, and hampers the free movement of the Palestinian population,” he said.
In October, Israel approved some 3,000 settlement homes despite a U.S. rebuke. There are currently over 130 Israeli settlements in the West Bank harboring almost 500,000 settlers, in addition to the nearly three million Palestinians living in the territory.
Palestinians Pushed Off Their Land
On Wednesday, the same day Israeli soldiers allegedly shot and killed Al-Jazeera journalist Shireen Abu Akleh, the military demolished at least 18 buildings in the West Bank, including 12 residential ones.
Israel’s supreme court has also ruled that eight Palestinian hamlets can be expelled, potentially leaving at least 1,000 Palestinians homeless.
The area targeted is known as the Masafer Yatta, and its residents say they have been herding animals and practicing traditional desert agriculture there for decades, long before Israel took over the West Bank in 1967. Israel, however, claims there were no permanent structures there before the military designated it a firing zone in the 1980s
“What’s happening now is ethnic cleansing,” Sami Huraini, an activist and a resident of the area, told the Associated Press. “The people are staying on their land and have already started to rebuild.”