Russian President Vladimir Putin listens to Ivan Dedov, president of the Health Ministry's national endocrinology center, during their meeting in the Kremlin in Moscow, Russia, Tuesday, July 14, 2020 Alexei Nikolsky, Sputnik, Kremlin Pool Photo via AP

Russia’s Attempted Vaccine Hack Suggests Research — and Putin’s Grand Plan — Has Stalled

The Kremlin’s cyber attack on the UK, U.S., and Canada suggests their coronavirus vaccine — and a key Putin promise — is far from reality.

For years, Vladimir Putin has boasted about his ability to restore Russia to its previous state of scientific glory. It appears that effort may not be going as well as the Russian president had hoped.

On Wednesday, the UK’s National Cyber Security Centre issued a joint statement with United States and Canadian partners claiming that Russian actors known as APT29, or Cozy Bear, linked to Russia’s FSB services (and the 2016 DNC hack), had hit biotech targets in their countries “involved in COVID-19 vaccine development.” The center doesn’t say if any data was stolen but does say the likely intent was “stealing information and intellectual property relating to the development and testing of COVID-19 vaccines.”

“Putin has argued for the last two or three years that he has pushed to save Russian science,” said Matthew Schmidt, an associate professor of national security and political science at the University of New Haven. Putin has also blamed declines in Russian science on the fall of the Soviet Union and, by extension, the West. “He’s been pushing to rebuild that. If he actually had a strong community of science, a strong educational system he wouldn’t need to do this stuff. My concern is that they’re actually behind [in vaccine development.] You have to be hacking for a reason,” Schmidt said. “That Russia hacked vaccine research is a statement of the weakness of Russian science under 20 years of Putin’s rule. He has failed his country.”

Russia, which just surpassed 750,000 positive cases of the coronavirus, has struggled to match the rhetoric of its leaders with actual progress against the pandemic. In May, Russia’s health minister publicly promised that a vaccine would be available by the end of this month. In July, Russian scientists reported success with one vaccine in some trials but, according to Schmidt, that effort is probably not as far along as the Russian government claims. The relatively small pool of military and civilian volunteers in the trial reported little to no side effects after receiving the vaccine. And scientists with the Gamalei Scientific Research Institute of Epidemiology and Microbiology, who vaccinated themselves, still don’t really know if the vaccine is effective.

“If you start reading the literature, it looks like they’re in what, to us, would be a Phase I trial. They’ve shown that they can induce generic immunity but not specific immunity yet,” said Schmidt. Vaccine candidates from Oxford, the United States, and Canada are much further along. The Oxford team, for instance, expects to be done with human trials in September. US-based Moderna is beginning Phase III clinical trials now. 

Schmidt says the world should expect more Russian attempts to leapfrog the vaccine development timeline because Putin is under pressure to show results. But while targeting Western biomedical institutions could give the Russian government valuable information about where they stand in the competition, it’s not likely to make their vaccine perform better.

In terms of the hack itself, it aligns with what the world has seen over the last few years from APT29. The group’s technical footprint has not changed much since 2016, according to Chris Kennedy, the chief information security officer for cybersecurity firm AttackIQ. “They have been working more on scaling up the frequency and sophistication of their attacks. Common attacker behaviors are still largely the kill chain we understand.”

That kill chain includes exploiting targets with well-executed phishing attacks or malware, then using compromised accounts to gain access to better accounts with more privileges and hopping laterally from network node to network node to avoid detection and steal even more credentials. 

“The reality is that this playbook has continued to work for APT29 and many other cybercrime organizations for over a decade - the only real evolution is increasing the scale of attacks, using more automation to launch and orchestrate attacks, and using more sophisticated ways of leveraging different methods of initial access to the target organization.”