- U.S., U.K., and Canadian agencies are accusing Russia of stealing research into a COVID-19 vaccine through known cyber attack exploits.
- In a report published Thursday, the three nations officially stated for the first time that the group known as Cozy Bear is a part of Russian intelligence services, a group known for targeting the DNC during the 2016 election.
- However, it’s unlikely that any damage was actually done to research since the goal seems to have been to steal data for Russian use.
- The report never stated if any data was actually stolen or not.
Cyber Attacks Against COVID-19 Research
Intelligence and security agencies from the United States, United Kingdom, and Canada accused Russian intelligence services of instigating cyber attacks against research facilities that are trying to find a COVID-19 vaccine.
In a report published Thursday titled “Advisory: APT29 targets COVID-19 vaccine development,” the U.K. National Cyber Security Centre, Canada’s Communications Security Establishment, and the U.S. National Security Agency wrote, “Throughout 2020, APT29 has targeted various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines.”
It also states that APT29 is just another name for a famous group of cyber attackers, writing “this report details recent Tactics, Techniques, and Procedures of the group commonly known as ‘APT29’, also known as ‘the Dukes’ or ‘Cozy Bear’.”
The name Cozy Bear may sound familiar because its the same group accused of hacking the Democratic National Convention during the 2016 election.
This report, for the first time, clearly states that the Canadians, British, and Americans officially think Cozy Bear “is a cyber espionage group, almost certainly part of the Russian intelligence services.” While the group has long been assumed to be a part of the Russian security services, in the past it was only ever officially referred to as a “state-backed actor.”
This report follows a similar story from May when the U.S. and U.K. accused “state-back actors” of targeting organizations responding to the coronavirus pandemic with cyber attacks. However, at the time the names of the groups involved were never released.
How Did Cozy Bear Attack?
According to this recent report, Cozy Bear gained access to computers and systems through a variety of methods. Some of these are well known to the public, while others are believed to have been put into the public domain for the first time ever with this report.
Many of these attacks stem from gaining access to machines through well-known security exploits. Most of the exploits have been patched over the last two years, and the report urges companies and organizations to ensure they are up to date.
After gaining access, the attackers would use a malware called SoreFang, which is essentially just a downloader that allows the attacker to put more malware onto a computer. The two other prominent malware mentioned in the report are WellMess and WellMail.
WellMess was discovered in 2018 and allows the hackers to upload and download files from a victim’s computer. While WellMail allows the hacker to execute scripts on a victim’s machine and send that data to a server. The report also states that to their knowledge, information about WellMail hasn’t been in the public domain until today.
Other hacking methods include one of the oldest tricks in the book: phishing. Phishing and Spear Phishing are when a cyber attacker tries to trick someone to give their login credentials. This can be through generic emails pretending to be from an organization, or a more personalized email.
Damage Done to Research
Thursday’s report doesn’t state if research efforts into a COVID-19 vaccine were hampered, nor does it name any specific facilities that were targeted. Yet, it doesn’t seem like any damage was actually done. According to The New York Times, “Outside experts said it appeared that the Russians were simply copying information, not trying to damage the research organizations.”
One of those experts is Mike Chapple, an associate professor teaching cybersecurity at Notre Dame, who said: “The potential harm here is limited to commercial harm, to companies that are devoting a lot of their own resources into developing a vaccine in hopes it will be financially rewarding down the road.”
It’s not too shocking that information that could help Russia develop their own vaccine would be targeted as the country has been hit hard by the coronavirus. Initially, Russian agencies stated they had no cases at all and had it under control; however, now they report cases. As of July 16, there’s been over 750,000 confirmed cases and nearly 12,000 deaths.
Even if the hacks likely didn’t actually affect the progress of research, it didn’t stop officials from being upset about them. British Foreign Minister Dominic Raab said in a statement, “While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health.”
While the NSCS’ Director of Operations, Paul Chichester, condemned the attacks. “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” he said.
Despite the indignation from the U.S., U.K., and Canada, Chapple noted to The New York Times that there’s a chance those three were doing the same to other countries.
“It wouldn’t surprise me if intelligence services of all nations are doing this same kind of thing and using the information to advance their research against coronavirus,” he added.
For their part, Kremlin spokesman Dmitry Peskov denied the allegations, telling the Russian news agency RIA that the allegations were not backed by proper evidence.
See what others are saying: (BBC) (The New York Times) (Reuters)
5 Dead, 2 Injured After Bow and Arrow Attack in Norway
Police have called the incident a terror attack, though exact details regarding the suspect’s motives remain unclear.
Super Market Attack
The Norwegian town of Kongsberg is reeling from a deadly incident at Coop Extra supermarket on Wednesday that police are treating as “an act of terrorism.”
Shortly before 6 p.m., a 37-year old Danish man entered the market, armed with a bow and arrow, along with other weapons. He then began firing at those inside the building.
Authorities quickly responded and were on the scene within five minutes. Despite a police confrontation with the suspect, the attack continued. Four women and one man were ultimately killed while two others were left injured.
The suspect initially avoided arrest after managing to flee the scene. Police Chief Ole Bredrup Sæverud told reporters Thursday that it took 35 minutes to catch the attacker.
While police described the incident as a terror attack, they refused to specify a motive. Officials did hint that the rampage might have been religiously motivated by revealing that police had previously been in contact with the suspect due to his conversion to Islam and possible connections to radical content and teachings. Still, Sæverud clarified that the perpetrator hadn’t been actively investigated at all in 2021.
Prime Minister Erna Solberg, who was just hours away from leaving office after she was ousted in recent elections, described reports of the scene as “horrifying” on Wednesday. Incoming Prime Minister Jonas Gahr Støre said in a Facebook post from Thursday morning that the attack was a “cruel and brutal act.”
Norway’s King Harald expressed his sympathies to the mayor of Kongs-berg, telling the country, “We sympathize with the relatives and injured in the grief and despair.”
“And we think of all those affected in Kongs-berg who have experienced that their safe local environment suddenly became a dangerous place. It shakes us all when horrible things happen near us, when you least expect it, in the middle of everyday life on the open street.”
Attacks of this nature are rare in Norway. In 2019, a right-wing gunman tried to enter a mosque before being overpowered and hitting no one. Wednesday’s attack is the most deadly since July 2011, when a far-right extremist killed 77 people at a Labour party summer camp.
Editor’s Note: At Rogue Rocket, we make it a point to not include the names and pictures of mass murderers or suspected mass murderers who may have been seeking attention or infamy. Therefore, we will not be linking to other sources, as they may contain these details.
Protests Erupt in Italy Over World’s Toughest Vaccine Mandate
The violence is believed to have been instigated by far-right groups that oppose COVID-19 vaccines and other pandemic-related safety measures.
Green Pass Pushback
Demonstrators gathered in Rome over the weekend to protest against Italy’s plans to require a coronavirus “Green Pass” for all workers starting Oct. 15.
The Green Pass is a European Union initiative that shows whether someone is vaccinated, has recovered from COVID-19 in the past six months, or has received a negative COVID test in the past 48 hours.
Since August, Italy has required the pass for entry at restaurants and use of long-distance trains, along with nearly every other activity that involves interaction with others or use of a public space. Now, the pass will be required to enter a workplace, which critics argue is particularly harsh.
Individuals who can’t produce a valid Green Pass will be suspended without pay, making it the most extreme of any COVID-19 mandate in the world.
The weekend protests started out peaceful, with people chanting “Liberta,” which means freedom. However, the scene turned violent by Saturday when a group of protesters affiliated with the far-right Forza Nuova party decided to storm the headquarters of the CGIL, Italy’s biggest and oldest labor union.
Protesters then marched towards the Prime Minister’s office, prompting police to respond with anti-riot measures like tear gas, water cannons, and shield charges.
It’s unclear how many protesters were hurt in the ongoing fighting, but dozen of police officers were reportedly hurt in the scuffle. By Sunday evening. at least 12 protesters were arrested, many of who are members of Forza Nuova, including its leader Roberto Fiore. Authorities also indicated in a press conference on Monday that it had identified at least 600 other people who took part in illegal activities during the demonstrations.
Fiore was unapologetic about the rioting, and Forza Nuova said in a statement, “The popular revolution will not stop, with or without us, until the Green Pass is definitively withdrawn. Saturday was a watershed between the old and the new. The people decided to raise the level of the clash.”
Saturday’s events have led many of the country’s largest political parties, including the 5Star Movement and the Democratic Paty, to support a motion calling for Nuova Forza and similar groups to be dismantled in line with a constitutional provision from 1952 that bans fascists parties.
While that motion is still going through the legislative process, prosecutors have already seized the group’s website in line with a 1988 law that bans inciting violence through public communications.
“The events [on Saturday] take us back to the darkest and most dramatic moments of our history and they are an extremely serious and unacceptable attack on democracy,” Valeria Fedeli, a senator with the center-left Democratic Party, said on Monday.
The violence from the weekend may make it seem like a sizeable chunk of Italians are against the vaccine; however, over 70% of all Italians are already vaccinated, making it one of the highest rates in the world.
According to polling from the summer, most Italians think the new rules will help in the long run and prevent another catastrophe like last year when the country ran out of room to bury the dead due to the number of deaths caused by COVID-19.
Romanian Government To Disband After No-Confidence Vote
The vote comes after Prime Minister Florin Cîțu caused a rift with political allies and faced criticism for his response to the COVID-19 pandemic.
Florin Cîțu, Alleged “Tyrant”
Romania’s center-right governing body collapsed Tuesday after the legislature passed a no-confidence vote against Prime Minister Florin Cîțu.
The leader’s downfall was facilitated by the normal opposition, the center-left Social Democratic Party, the far-right Alliance for the Unity of Romanians, and the Union to Save Romania. The Union is considered a political wildcard because, until last month, the right-wing party was part of Cîțu’s governing coalition.
The party withdrew from Cîțu’s government after multiple of its members were sacked, including the Justice Minister, prompting the party to describe Cîțu as a “tyrant.”
Other parties in the legislature particularly opposed Cîțu due to his government’s handling of the coronavirus pandemic since taking office in December. COVID-19 cases have skyrocketed over the last month and have averages over 11,000 daily new cases since October 6.
Tuesday’s no-confidence vote was a landslide victory, with 281 members voting to replace him and all members of his party abstaining or boycotting the vote. Despite this, even if they had voted in favor of Cîțu, the opposition had more than enough to pass the 230 vote threshold.
Avoiding Another Election
President Klaus Iohannis, a staunch ally of Cîțu, has called on the political parties to hold consultations next week and try to form a new government rather than hold new elections because they last occurred in December.
“Romania must be governed; we are in a pandemic, winter is coming, there is an energy price crisis…and now a political crisis. We need solutions and mature decisions,” the president told reporters.
He also took a jab at the Union to Save Romania, saying that the fall of the government was caused by “cynical politicians, some of whom are disguised as reformists.”
The Union responded in a statement of its own, saying it was “unpleasantly surprised by the fact that President Iohannis condoned the rushed, chaotic, and ill-conceived actions of former Prime Minister Florin Cîțu that forced the [Union] to leave the cabinet.”
Some analysts within Romanian media think that Cîțu’s party may try to form a minority government with the Social Democratic Party, the left-leaning party that initiated this no-confidence vote, with the caveat that Cîțu is replaced as Prime Minister. If that doesn’t occur, Iohannis has the power to simply reappoint Cîțu at the risk of another no-confidence vote.
If Cîțu’s appointment is confirmed within 60 days, then elections will take place. The Social Democratic Party, which is already the largest in the legislature, currently stands to win the most seats. Unlike its rivals, the party is polling positively, leading the group to push for new elections sooner rather than later.