Promising that more technical details would be released in the next few days, the FBI and Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency today released a public service announcement warning that China is targeting organizations researching treatments and vaccines for COVID-19.
The agencies said the alert was issued “to raise awareness of the threat to COVID-19-related research” and said that the FBI is investigating “the targeting and compromise of U.S. organizations conducting COVID-19-related research by PRC-affiliated cyber actors and non-traditional collectors.”
“These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research,” the alert said. “The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.”
The alert comes on the heels of last week’s joint warning from CISA and the United Kingdom’s National Cyber Security Centre (NCSC) that advanced persistent threat actors are actively targeting healthcare bodies, pharmaceutical companies, academia, medical research organizations, and local governments involved in coronavirus response.
“CISA and NCSC are currently investigating a number of incidents in which threat actors are targeting pharmaceutical companies, medical research organizations, and universities,” that alert said. “APT groups frequently target such organizations in order to steal sensitive research data and intellectual property for commercial and state benefit. Organizations involved in COVID-19-related research are attractive targets for APT actors looking to obtain information for their domestic research efforts into COVID-19-related medicine.”
The new FBI and CISA alert urges “all organizations conducting research in these areas to maintain dedicated cybersecurity and insider threat practices to prevent surreptitious review or theft of COVID-19-related material.”
CISA is “providing services and information to support the cybersecurity of federal and state/local/tribal/territorial entities, and private sector entities that play a critical role in COVID-19 research and response.”
The agencies recommended that potential targets “assume that press attention affiliating your organization with COVID-19 related research will lead to increased interest and cyber activity” and “patch all systems for critical vulnerabilities, prioritizing timely patching for known vulnerabilities of internet-connected servers and software processing internet data.”
Organizations related to COVID-19 research should also “actively scan web applications for unauthorized access, modification, or anomalous activities,” “improve credential requirements and require multi-factor authentication,” and “identify and suspend access of users exhibiting unusual activity.”
Those who believe they have been the victim of an attack or attempted breach are encouraged to contact their local FBI field office, and should contact CISA for help in assessing and correcting cyber vulnerabilities.
Chinese Foreign Ministry spokesman Zhao Lijian said in a Monday briefing that the hacking allegations are “immoral” and “rumor-mongering without presenting any evidence.”
Reuters exclusively reported Friday that hackers linked to Iran have been targeting staff at Gilead Sciences Inc., which makes the antiviral drug remdesivir, approved as a treatment to potentially reduce the length of recovery for hospitalized COVID-19 patients.