US Says China-Linked Hackers Targeting COVID-19 ResearchersFBI, CISA Issue Joint Warning to Organizations Conducting Research
The FBI and the U.S. Cybersecurity and Infrastructure Security Agency issued a warning Wednesday that hacking groups linked to China's government are targeting research and healthcare facilities that are working on developing vaccines, testing procedures and treatments for COVID-19.
See Also: 2020 Cyberthreat Defense Report
"The FBI and CISA urge all organizations conducting research in these areas to maintain dedicated cybersecurity and insider threat practices to prevent surreptitious review or theft of COVID-19-related material," the two agencies said in their alert.
The alert did not contain specific threat intelligence or name any hacking groups. Last month, a top official with the FBI's cyber division warned that U.S. law enforcement had witnessed an increase in nation-state hackers targeting medical research facilities and healthcare organizations conducting research into the virus (see: FBI: Hackers Targeting US COVID-19 Research Facilities).
While spokespersons for the Chinese Foreign Ministry and the country's U.S. embassy did not comment on Wednesday's alert, China has long denied the accusations of targeting American research facilities and other organizations, Reuters reports.
The Trump administration is warning that in addition to China, Iran is also beginning to wage cyber espionage campaigns against research facilities that are developing COVID-19 tests and vaccines, according to the Wall Street Journal, which cited anonymous senior administration officials.
Earlier this month, CISA and the United Kingdom's National Cyber Security Center released a joint statement warning that advanced persistent threat groups affiliated or linked to nation-states had begun targeting a variety of organizations involved in the COVID-19 response in both the U.S. and Britain (see: Alert: APT Groups Targeting COVID-19 Researchers).
CISA and NCSC warned of increases in brute-force attacks by these APT groups to guess users' credentials in order to penetrate IT networks and maintain persistence within the infrastructure.
Tom Kellermann, the head of cybersecurity strategy at VMware - who served as a cybersecurity adviser to the Obama administration - says that China's cyber capabilities are now more advanced than Russia's. And while other threat group may also target these types of research facilities, China is now the top concern.
"The Chinese have increased their efforts to wage a cyber insurgency in the U.S.," Kellermann tells Information Security Media Group. "There is a race for the cure, which is being corrupted by cyber espionage. Chinese cyberattacks have escalated in tandem with the surge of COVID-19."
Even before the COVID-19 pandemic, security experts had warned about nation-state hackers targeting healthcare facilities in search of intellectual property, with China-linked groups suspected of many of these incidents. In August 2019, for example, security firm FireEye reported that several Chinese APT groups had targeted cancer research organizations across the globe with the goal of stealing their research.
The FBI and CISA are urging organizations involved in COVID-19 research to take several cybersecurity steps:
- Patch all critical vulnerabilities, especially for servers and software connected to the internet;
- Scan web applications for unauthorized access or other modifications;
- Update users' credentials and add multifactor authentication;
- Block users, including employees who exhibit usual activity, from accessing critical services.
In addition to their warning Wednesday, the FBI and CISA published on Tuesday a list of the 10 vulnerabilities that have been most frequently exploited by "sophisticated nation-state hackers" in recent years (see: Patch or Perish: Nation-State Hacker Edition ).
Action Against China
Over the last two years, the Trump administration has taken action against China in light of concerns over its cyber activities.
In February, the U.S. Justice Department took the unusual step of indicting four members of China's People's Liberation Army for the 2017 data breach at Equifax, which affected about 145 million Americans. At the time, Attorney General William Barr called the breach one of the largest thefts of intellectual property ever conducted by cyber spies associated with China (see: No Surprise: China Blamed for 'Big Data' Hack of Equifax).
The Trump administration also has discouraged American companies, as well as overseas allies, from using telecom equipment made by Chinese firms such as Huawei and ZTE. The White House has said that the gear could be used for spying (see: Trump Signs Law Banning Federal Funding to Buy Huawei Gear).