The UK’s National Cyber Security Centre and the US National Security Agency have accused Cozy Bear, a hacker group identified with the Russian intelligence community, of running spear-phishing campaigns against vaccine research labs and health care organisations. The timing is significant, as the Oxford vaccine clears early human trials with positive results. The nation which takes first-mover advantage in vaccine development can reap significant strategic and commercial gains. Hackers serving spooks would be excited.
Cozy Bear gained global fame in 2016, when it was found to have infested the servers of the US Democratic National Committee (DNC) for over a year, and to have briefly shared the rack with late entrant Fancy Bear. Displaying Smiley-grade spookiness, the two hacker groups in the same machine did not seem to be aware of each other’s existence. And a colourful entity named Guccifer 2.0 was also in the fray, distracting forensic efforts to trace malware and phishing attacks.
Guccifer 2.0 was the public face of data theft operations in the US and interference with elections there and in the UK, apart from exploits in the Pentagon, the White House, and in South Korea, Germany, the Netherlands and Norway. While the operations appeared to have been run by the bears, Guccifer 2.0 allegedly dispensed the harvest to everyone from Gawker to Julian Assange. He was an affable man about town, always ready to help people out with a bit of stolen information — especially if it had a political fallout. The fact that he is no longer in the fray, now that the bears are gambolling again after a period in hibernation, suggests that the current attacks have nothing to do with domestic politics. This is a quest for intelligence about national responses to the pandemic, and possibly vaccine data. It is geopolitics — big game hunting.