The US authorities have formally blamed Chinese-affiliated hackers for attempting to steal vital COVID-19 research from domestic companies working on vaccines.
An announcement from the FBI and Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warned research organizations to “maintain dedicated cybersecurity and insider threat practices” in light of the attacks.
“The FBI is investigating the targeting and compromise of US organizations conducting COVID-19-related research by PRC-affiliated cyber-actors and non-traditional collectors,” it said.
“These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research. The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.”
The notice urged organizations working on COVID-19 research to assume they would be targeted and ensure all internet-connected software and systems are promptly patched.
They should also switch on multi-factor authentication (MFA), block suspicious user activity and scan web applications for unauthorized access, modification or anomalous activities, it added.
The news comes days after suspected Iranian hackers are thought to have targeted employees at US drug-maker Gilead Sciences.
Both CISA and the UK’s National Cyber Security Centre (NCSC) issued an alert earlier this month warning that APT groups are targeting healthcare and research organizations in both countries.
Reports also emerged at around the same time that UK universities working on a vaccine, including Oxford University, had been probed by state-sponsored attackers.
“The practice of stealing IP in this way has been going on for a very long time, and the fabric of the internet allows these hackers to hide their identity and even to mislead researchers as to their true country of origin,” argued Matt Aldridge, principal solutions architect at Webroot.
“Accurate attribution of the source state of these types of attack can be extremely difficult for this reason. It is likely that attackers from many nations are targeting US research institutions right now, either with a motivation of profit through the sale of stolen research, through ransom demands via crypto malware or through illicit government payouts to feed into secret research programs.”