This week, the Trump Administration highlighted hacking by the People’s Republic of China (PRC) that targets entities researching COVID-19. This announcement is the latest in a string of public attributions made by the Trump Administration as part of its larger cybersecurity strategy. For example, the Administration identified “three malware variants—COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH—used by the North Korean government.” Nonetheless, this particular attribution also happens to dovetail, coincidentally or not, with the Trump Administration and Republican Party’s push to throw the focus on the PRC’s actions or inactions at the beginning of the COVID-19 pandemic in Wuhan, PRC.
[Image caption: The Administration names the PRC as the nation trying to hack into COVID-19 research facilities.]
In an unclassified public service announcement, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) stated they “are issuing this announcement to raise awareness of the threat to COVID-19-related research.” The agencies said “[t]he FBI is investigating the targeting and compromise of U.S. organizations conducting COVID-19-related research by PRC-affiliated cyber actors and non-traditional collectors.” The FBI and CISA claimed that “[t]hese actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research.” The agencies asserted “[t]he potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.” The FBI and CISA “urge all organizations conducting research in these areas to maintain dedicated cybersecurity and insider threat practices to prevent surreptitious review or theft of COVID-19-related material” and made the following recommendations:
- Assume that press attention affiliating your organization with COVID-19 related research will lead to increased interest and cyber activity.
- Patch all systems for critical vulnerabilities, prioritizing timely patching for known vulnerabilities of internet-connected servers and software processing internet data.
- Actively scan web applications for unauthorized access, modification, or anomalous activities.
- Improve credential requirements and require multi-factor authentication.
- Identify and suspend access of users exhibiting unusual activity.
CISA Director Christopher Krebs contended “China’s long history of bad behavior in cyberspace is well documented, so it shouldn’t surprise anyone they are going after the critical organizations involved in the nation’s response to the Covid-19 pandemic.” He stressed that CISA will “defend our interests aggressively.”
And, to no great surprise, the PRC denied the U.S.’s claims. A spokesperson for the PRC’s Foreign Ministry said:
“We firmly oppose and fight all kinds of cyber-attacks conducted by hackers. We are leading the world in COVID-19 treatment and vaccine research. It is immoral to target China with rumors and slanders in the absence of any evidence.”
Moreover, the PRC is not the only nation being accused of trying to hack COVID-19 researchers. Iran has been accused of trying to get into the systems of a pharmaceutical company, Gilead, to access any information on its efforts to develop a vaccine. An Iranian spokesperson was quoted as claiming “[t]he Iranian government does not engage in cyber warfare…[and] [c]yber activities Iran engages in are purely defensive and to protect against further attacks on Iranian infrastructure.”
Last week, CISA and the United Kingdom’s Government Communications Headquarters’ (GCHQ) National Cyber Security Centre (NCSC) issued a joint advisory for the healthcare sector, especially companies and entities engaged in fighting COVID-19. The agencies stated that they have evidence that Advanced Persistent Threat (APT) groups “are exploiting the COVID-19 pandemic as part of their cyber operations.” NCSC and CISA “highlight ongoing activity by APT groups against organisations involved in both national and international COVID-19 responses…[and] describe some of the methods these actors are using to target organisations and provides mitigation advice.” The entities being targeted include healthcare bodies, pharmaceutical companies, academia, medical research organisations, and local government. However, the agencies do not identify the APT groups or their countries of origin in the advisory.
© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.