State-linked hacking continues amid race for coronavirus treatments, US and UK agencies warn
Hackers linked with foreign governments continue to target multiple global health care organizations and pharmaceutical companies in a possible bid to gather intelligence or steal research related to the coronavirus pandemic, American and British cybersecurity agencies said Tuesday.
The U.S. Department of Homeland Security’s cybersecurity division and the U.K.’s National Cyber Security Centre (NCSC) “are currently investigating a number of incidents in which threat actors are targeting pharmaceutical companies, medical research organizations, and universities,” the agencies said in a joint advisory. They did not point the finger at particular governments.
Advanced persistent threat (APT) groups, as state-linked hackers are known, have been scanning public websites of target companies looking for insecure software to exploit, said DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and the NCSC. Hackers have also been using a technique called password spraying, which throws common passwords at targets until one of them works, to attack health care organizations in the U.S., U.K., and elsewhere, the agencies said.
It is only the latest evidence that intelligence agencies from multiple governments have used their cyber capabilities to try to gain an advantage in responding to the pandemic.
Last month, cybersecurity company FireEye said that hackers linked with the Vietnamese government had tried to gather information on China’s response to the virus by targeting the government of Wuhan, the Chinese city where the virus first surfaced. The Vietnamese government denied the allegations.
There is also ample evidence that APT groups have tried to infiltrate computer systems at the World Health Organization, the multilateral body responding to the pandemic. Hackers working in the interests of the Iranian government tried to break into WHO email accounts, Reuters reported last month.
Both criminals and spies have repurposed their phishing lures to prey on fears around the virus. A previous advisory from CISA and the NCSC warned of “a growing number of cybercriminals” who were exploiting the pandemic by going after remote access software that people use to telework.
With a vaccine for the respiratory disease likely still many months away, medical research organizations will continue to find themselves in the crosshairs of spies, CISA and the NCSC said Tuesday.
“APT actors will continue to exploit COVID-19 as they seek to answer additional intelligence questions relating to the pandemic,” the advisory said.
Medical research organizations’ “global reach and international supply chains increase exposure to malicious cyber actors,” the U.S. and U.K. cyber agencies added.