Marcus Kolga: The Covid-19 Vaccine Hack, Russian Information Warfare & Cyber Resiliency

Q: There have been Russian hacking attempts aimed at US, British and Canadian COVID-19 vaccine research. How has Canada dealt with this and what do you recommend we do so we can protect intellectual property and national sovereignty against these intrusions?


A: This attack was undertaken by a group called Advanced Persistent Threat 29 (APT29), also known as Cozy Bear, or the Dukes. APT29 is the cyber espionage arm of the Federal Security Service and its international counterpart the SCR, part of the Russian federal Security Agency, formerly known as the KGB. Most notably, they were partially responsible for the hack on DNC servers and its chairman John Podesta, whose email password was compromised by a heavy spear phishing attack.

Russian government hackers were able to access other systems to which Podesta had credentials. They stole reams of data, including election strategies for key 2016 battleground states. It’s presumed that a similar tactic was used in the latest Cozy Bear trap on US and UK medical research labs working on a COVID-19 vaccine. In the CSE statement that exposed the hack it’s important to note a couple of things. First, attribution—governments don’t generally attribute hacks to a group or foreign government unless they are absolutely 100% sure of who is behind it. Second, the CSE stated the data was stolen, but more importantly, that hackers tried to inhibit progress on efforts to combat the virus.

This is significant as it defines an extremely malicious intent, which is to harm Canadians and our British and American allies. In my opinion, this constitutes an attack on Canadians. So why did they do it? Russia’s research capabilities are not quite equal to those in Western nations. A recent Washington Post report by George Will claimed that 1/3 of Russian healthcare facilities don’t even have clean running water or hot water for that matter. How can we expect a government that can’t provide clean running water in its hospitals to develop the vaccine for COVID-19? As the Russians and Chinese do when they can’t do it themselves, they steal intellectual property from others.

Putin’s real motivation, as always, is political. He has handled the pandemic very poorly. Several Russian health administrators who expressed criticisms of his handling have mysteriously fallen out of hospital windows over the past month. His approval rating among Russians is tanking along with the price of oil. Putin, whose power is based on the illusion of it, must now demonstrate to his people that he can save them with a vaccine. He’ll do it by hook or by crook. In my opinion, orders to hack these institutions came right from the very top.

The CSE warned Canadian medical institutions in March that they could be hacked. That was an extremely important and very good first move, which should have given these institutions time to shore up their security. The CSE’s decision to attribute the hack to Russian intelligence services was also excellent. Exposing attackers in Russian government makes them vulnerable and demonstrates their intent. CSE should be hitting back at , in concert with the Five Eyes partners. The government should not shy away from using its power to push back against malign foreign actors and to disrupt them using threat-reduction measures. Given that the hack was employed to disrupt and hinder efforts to address the pandemic, one must assume that the hack was also intended to intensify COVID’s effects and cause harm to Canada and our allies. As such, the attack should also be brought to the attention of our NATO partners.


Q: How effective do you think Russian disinformation campaigns are today and how have they evolved in the years since the 2016 American election and the French presidential election?


A: Russian information warfare is incredibly effective. They’ve been honing their craft since 2007, when they used an updated version of a Soviet-era strategy during the Bronze Soldier Riots in Estonia. Russia used historical disinformation to deny the Soviet occupation of Estonia and coordinated with radical nationalists to provoke rioting on the streets after authorities relocated a Soviet monument. This was followed by the first-ever state-sponsored cyber-attack where Russian hackers shut down the Estonian banks, media, and other critical websites. The goal of these attacks was to destabilize Estonia.

The primary goal of Russian information warfare is to destabilize, undermine and subvert Western democracy and society. The current turmoil that we see in the United States goes back to the 2016 elections where Russian GRU and SCR hacking units cracked the foundations of U.S. democracy at a much cheaper cost than a single Russian battle tank. If the cost of interfering and disrupting American democracy was so low, why not continue?

Russia is a relatively weak nation with an aggressive, expansionist foreign policy. Canadian exports to Russia rank lower than our exports to Bangladesh. It’s much harder for Putin to compete with a unified NATO, EU, America or Canada, so he will try to undermine the cohesion of our alliances and societies. Putin’s hacking takes advantage of the growing rifts that we see in American society, but Putin has no ideology. His was formed during his time with the KGB—attaining power and holding on to that power at all costs.

Putin’s intelligence agencies have amplified messages on both political extremes to further polarize society and provoke conflict. He will continue doing so until the cost is too high. I suspect that in the November election he’ll order his intelligence units to sow doubt about the legitimacy of the US presidential election on the left and right. Putin ultimately seeks to rise out of the ashes, bring down the Western Democratic order and remake the world in his own image. Canada and our allies are not immune to the tactics underpinning these ambitions.


Q: Is Canada adequately prepared to operate within and meet threats generated in the information realm? Are our policy makers and institutions taking the threat of cyber disinformation and Russian interference seriously enough?


A: Sadly no, we aren’t—not at the moment. A NSICOP report clearly stated that Canada is unprepared and not taking these threats seriously. The report credits CSIS with investigating and identifying threats posed by Russian and Chinese intelligence, but states very clearly that the current government has failed to address information warfare and malign influence operations in general. In my experience, Canadian officials have expressed reluctance in naming foreign threat actors or even considering the intent of their actions.

We prepared well for foreign interference in the run-up to the last federal election. The incident response group was created to assess threats to the election. Other measures were taken but have been completely and utterly abandoned since and have yet to be addressed in any real concrete or meaningful way.

Global Affairs reports incidents to the G7, and the Privy Council office has initiated some useful disinformation workshops with civil society groups and some of our allies. Aside from CSE and CSIS we have no real infrastructure or policy in place to address foreign information warfare or influence operations. This represents a very serious risk to Canadian democracy and society. The government should be looking to our allies in EU and Taiwan to learn how to address these threats. When a disinformation or cyber attack is detected in Taiwan, each government ministry affected is required to develop a publicized counter narrative within two hours to disarm the incoming disinformation payload.

Canada should consider adopting similar strategies, including a disinclination rapid reaction group. It would require each ministry to establish a disinformation point person who could contribute to developing counter narratives against information attacks as they come in. Governments must acknowledge that elections are just one vector that these actors use to attack our democracy. There are many others. Until the government realizes this and develops the whole of democracy approach to defending ourselves, the threat will only grow.


Q: Has Russia been able to leverage COVID-19 to its advantage in terms of waging disinformation campaigns? If so, what do these campaigns look like? How does pandemic-related misinformation impact trust in Western democracies?


A: In March, the European External Action Service put out an official statement that pro-Kremlin and state media were injecting narratives into the information environment in Europe that endangered the lives of EU citizens. This included various conspiracies about the origin of the virus, one of which claimed the virus was developed in the U.S. biological warfare laboratory in Maryland. Ironically, this is the same lab where the KGB claims the CIA developed the AIDS virus—a classic case of Soviet-era disinformation. Myths about COVID cures were amplified by foreign actors and, most importantly, these false narratives are designed to erode trust in our own media and our government. Introducing information that suggests the pandemic is a hoax or that Bill Gates and George Soros are colluding with big pharma, or that mask requirements are “about government control” undermines our cohesion as a society and threatens to break it down.

Russia is also engaged in PPE diplomacy or “mask diplomacy”. They attempted to curry favor among Italian politicians with the goal of having them lead the way in removing EU sanctions against Russia. The removal of these sanctions has been a serious foreign policy objective. La Repubblica reported that Italians were being offered 200 Euros by Russian groups if they videotaped themselves saying something positive about Russian aid sent to Italy. Russia and China have used the pandemic to their advantage. This is something we need to address in Canada to protect our own society and democracy.

The first line of defence against foreign disinformation is people—awareness of what these campaigns look like. Literacy is the first thing that we need to address. The Swedes do it very well, was introduced into the Swedish school curriculum so that children from an early age know how to spot this information and question it.

Having a whole of government approach to this is important. Developing a central group that promotes counter narratives with the assistance of various ministries and civil society is where we’ll find a robust defence against these threats. Right now, we aren’t doing that, so there’s still a long way to go.


