What the FBI did to make headway against COVID-19 research hackers

The multi-step process included collecting information that could help victims and would-be victims, as well as be used in court.
The FBI's Tonya Ugoretz speaks April 4, 2019, at the Cybersecurity Leadership Forum presented by Forcepoint and produced by CyberScoop and FedScoop. (CyberScoop)

As the FBI investigated alleged Chinese hacking of American COVID-19 research, it used information it found in known victims’ networks to identify others who had been victimized or potentially might be, according to a top bureau official.

It was just one step of several in how the FBI confronted threats to that research, said Tonya Ugoretz, deputy assistant director in the bureau’s cyber division, speaking Tuesday at CyberTalks, a virtual summit hosted by Scoop News Group.

The FBI’s role in defending vaccine makers and others combating the virus is part of a government-wide effort, which has included indictments and public joint agency warnings sounding the alarm that both China and Russia have been trying to steal U.S. research secrets.

With their consent, the FBI deployed personnel to aid hacking victims and those who faced attempted hacks, which allowed investigators to collect evidence to aid other potential victims. But that evidence also would be “valuable for any future legal actions,” Ugoretz said.


It shared what it recovered with the intelligence community, which could use the information to understand the hackers’ tactics, Ugoretz said. The FBI prepared a notification for universities, labs and research institutions that it knew had been targeted; the notification was meant to help them but wasn’t intended for wide distribution.

Then came another notice for a broader audience — any organization involved in “COVID research, treatment or remediation” — about the threat, and yet another that shared forensic data that could point toward a potential compromise. Further, it shared information with international allies, she said.

“When you receive that phone call from the FBI that you are threatened by, or have suffered, a cyber intrusion, your response can not only protect your own network, but can also directly strengthen our ability to protect others and to impose risks and consequences on our adversaries together,” Ugoretz said.

Ugoretz said that the FBI, National Security Agency and the Department of Homeland Security’s Cybersecurity and Information Security Agency have worked closely to improve their coordination on threat information sharing.

“We’ve heard the private sector’s concerns about receiving alerts and notifications from different federal agencies that appear uncoordinated,” she said. “From here on out, you can be assured that if you hear something from one of us, all of us have reviewed it, coordinated on it and made a decision on which of us individually or together is best to deliver the message to the intended audience.”
