The FBI seeks to inform US companies in the healthcare, chemical, and finance sectors of potential targeting activity by the Chinese government against their business and operational components based in China. As early as March 2019, at least two Western companies operating in China detected malware delivered through Chinese vendors responsible for releasing tax software upgrades following changes in 2018 to China’s value-added tax (VAT). The malware opened a backdoor into victim systems, which the FBI assesses likely allows cyber actors to preposition to conduct remote code execution and exfiltration activities on the victim’s network.
Although all companies conducting business in China may be vulnerable to such activity, the US healthcare and chemical sectors have been a common target of Chinese cyber operations for many years. Pharmaceutical companies form a critical interdependency between the manufacturing components of the chemical sector and the supply chain of the Healthcare and Public Health Sector.
Compromise of the pharmaceutical supply chain provides malicious actors opportunities for theft of US intellectual property, while public disclosure can cause cascading effects including loss of public trust in both chemical and healthcare institutions. As previously highlighted in FBI PIN 20200521-001 released on 21 May 2020 and the US Department of Homeland Security’s joint advisory with Britain’s National Cyber Security Centre, hackers continue to “actively target organizations that include healthcare bodies, pharmaceutical companies, academia, medical research organizations, and local governments.”