Hackers acting on behalf of the Chinese government are targeting coronavirus research labs in the US, security officials have warned.
In a joint advisory issued on Wednesday (14 May), the FBI and Cybersecurity and Infrastructure Security Agency (CISA) disclosed that the hackers are seeking to steal intellectual property linked to coronavirus vaccines, treatments and testing.
The announcement came just days after CISA partnered with the UK’s National Cyber Security Centre (NCSC) to warn that coronavirus researchers on both sides of the Atlantic are facing a surge in cyber attacks from foreign adversaries.
In the latest guidance, the FBI and CISA said: “The FBI is investigating the targeting and compromise of U.S. organisations conducting COVID-19-related research by [People’s Republic of China]-affiliated cyber actors and non-traditional collectors. […] The potential theft of this information jeopardises the delivery of secure, effective, and efficient treatment options.
“The FBI and CISA urge all organisations conducting research in these areas to maintain dedicated cybersecurity and insider threat practices to prevent surreptitious review or theft of COVID-19-related material.”
For organisations that might be at risk of attacks, CISA has some familiar advice: patch systems regularly and quickly, with a particular focus on internet-connected servers and software, scan web apps for evidence of intrusion, monitor for unusual user behaviour and set up multi-factor authentication.
The British government hasn’t publicly attributed the attacks on UK research, but reports have suggested that China, Russia and Iran are among the suspects. NCSC has previously said those three nations, and North Korea, pose “strategic national security threats to the UK”.
In a statement issued last week, the Foreign Secretary Dominic Raab said: “The effects of these cyber attacks are potentially life-threatening as they disrupt and put pressure on organisations and individuals working hard to save lives.
“The UK will continue to counter those who conduct reckless cyber attacks for their own malicious ends. We are working closely with our allies to hold the perpetrators to account and deter further malicious cyber activity around the world.”
Commenting on the FBI and CISA’s guidance, John Hultquist, an analyst at FireEye, said: “We have identified cyber espionage at several organisations conducting research on COVID-19. Russian, Chinese, and Iranian actors have targeted multiple public and private organisations developing COVID-19 therapies.
“We suspect collecting intelligence on COVID-19 has become the number one priority for intelligence services throughout the world and we expect them to aggressively leverage cyber espionage against the public and private sector.”