Another Five Eyes nation details sustained cyber-attacks against healthcare and COVID-19 related entities.
In the wake of similar statements by the American, British, Israeli, and other governments, Australia has warned that “malicious cyber actors are seeking to exploit the pandemic for their own gain.” In particular, Australia cautioned that “malicious cyber actors are seeking to damage or impair the operation of hospitals, medical services and facilities, and crisis response organisations outside of Australia.”
However, unlike a number of attributions alleged by the American government, naming the People’s Republic of China and the Democratic Republic of North Korea, Australia’s Department of Foreign Affairs and Trade (DFAT) and the Australian Cyber Security Centre (ACSC) did not attribute the malicious activity. Rather, Australia’s Ambassador for Cyber Activities Dr. Tobias Feakin called “on all countries to cease immediately any cyber activity – or support for such activity – inconsistent with these commitments.” He also related his government’s urging of “all countries to exercise increased vigilance and take all reasonable measures to ensure malicious cyber activity is not emanating from their territory.”
The DFAT/ACSC statement follows previous warnings about cyber-attacks and hacking during the COVID-19 pandemic. On 8 May, ACSC issued “Advisory 2020-009: Advanced Persistent Threat (APT) actors targeting Australian health sector organisations and COVID-19 essential services” that asserted “APT groups may be seeking information and intellectual property relating to vaccine development, treatments, research and responses to the outbreak as this information is now of higher value and priority globally.” ACSC stated “[a]ccordingly, Australia’s health or research sectors could be at greater threat of being targeted, and potentially compromised, by malicious APT groups.” In late April, the ACSC issued a threat update aimed at “raising awareness of the evolving nature of COVID-19 related malicious cyber activity impacting Australians.”
Moreover, the Australian government has made its concerns known at the United Nations. DFAT claims to have folded its concerns about “this international activity” into its comments on the pre-draft report of the United Nations’ Open-ended Working Group (OEWG).
Earlier this month, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s Government Communications Headquarters’ (GCHQ) National Cyber Security Centre (NCSC) issued a joint advisory for the healthcare sector, especially companies and entities engaged in fighting COVID-19. The agencies stated that they have evidence that Advanced Persistent Threat (APT) groups “are exploiting the COVID-19 pandemic as part of their cyber operations.” NCSC and CISA “highlight ongoing activity by APT groups against organisations involved in both national and international COVID-19 responses…[and] describe some of the methods these actors are using to target organisations and provides mitigation advice.” The entities being targeted include healthcare bodies, pharmaceutical companies, academia, medical research organisations, and local government. However, the agencies do not identify the APT groups or their countries of origin in the advisory.
Last week, in an unclassified public service announcement, the Federal Bureau of Investigation (FBI) and CISA named the People’s Republic of China as a nation waging a cyber campaign against U.S. COVID-19 researchers. The agencies stated they “are issuing this announcement to raise awareness of the threat to COVID-19-related research.” The agencies said “[t]he FBI is investigating the targeting and compromise of U.S. organizations conducting COVID-19-related research by PRC-affiliated cyber actors and non-traditional collectors.” The FBI and CISA claimed that “[t]hese actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research.” The agencies asserted “[t]he potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.” The FBI and CISA “urge all organizations conducting research in these areas to maintain dedicated cybersecurity and insider threat practices to prevent surreptitious review or theft of COVID-19-related material.”
© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.