The United States and United Kingdom issued a new advisory Tuesday warning of ongoing cyberattacks against organizations involved in the coronavirus response, including health care bodies, pharmaceutical companies, academics, medical research organizations and local government.
These malicious actors “frequently target organizations in order to collect bulk personal information, intellectual property and intelligence that aligns with national priorities,” according to the UK’s National Cyber Security Centre (NCSC) and the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA).
“The pandemic has likely raised additional requirements for APT actors to gather information related to COVID-19. For example, actors may seek to obtain intelligence on national and international healthcare policy or acquire sensitive data on COVID-19 related research,” the advisory says.
APTs are generally hacking groups sponsored by foreign governments and Monday’s alert suggests that supply chains may be especially vulnerable. “Actors view supply chains as a weak link that they can exploit to obtain access to better protected targets. CISA and NCSC have seen ‘APT’ actors scanning the external web sites of targeted companies looking for vulnerabilities in unpatched software,” according to the advisory.
The new warning comes after CNN reported last month that the Trump administration is pointing the finger at China for attempting to steal coronavirus research amid a growing wave of cyberattacks by nation states and criminal groups on US government agencies and medical institutions leading the pandemic response.
Hospitals, research laboratories, health care providers and pharmaceutical companies have all been hit, officials say, and the Department of Health and Human Services – which oversees the Centers for Disease Control and Prevention – has been struck by a surge of daily strikes, an official with direct knowledge of the attacks previously told CNN.
Monday’s advisory noted that security agencies in the US and UK “have seen large-scale ‘password spraying’ campaigns against healthcare bodies and medical research organizations.”
“Password spraying” is the attempt to access a large number of accounts using commonly known passwords, according to the joint statement released by NCSC and CISA.
“Protecting the healthcare sector is the NCSC’s first and foremost priority at this time, and we’re working closely with the NHS to keep their systems safe,” Paul Chichester, NCSC director of operations, said in a statement.
“By prioritizing any requests for support from health organizations and remaining in close contact with industries involved in the coronavirus response, we can inform them of any malicious activity and take the necessary steps to help them defend against it,” he added.
Bryan Ware, CISA assistant director of cybersecurity, echoed those concerns.
“CISA has prioritized our cybersecurity services to healthcare and private organizations that provide medical support services and supplies in a concerted effort to prevent incidents and enable them to focus on their response to COVID-19,” he said.
“The trusted and continuous cybersecurity collaboration CISA has with NCSC and industry partners plays a critical role in protecting the public and organizations, specifically during this time as healthcare organizations are working at maximum capacity,” Ware added.
The Department of Justice has said they are particularly concerned about attacks by Chinese hackers targeting US hospitals and labs to steal research related to coronavirus.
“It’s certainly the logical conclusion of everything I’ve said,” John Demers, the head of the Justice Department’s National Security Division, said when asked specifically about China’s actions during an online discussion last month on Chinese economic espionage hosted by Strategic News Service. “We are very attuned to increased cyber intrusions into medical centers, research centers, universities, anybody that is doing research in this area.”
“There is nothing more valuable today than biomedical research relating to vaccines for treatments for the coronavirus,” Demers added. “It’s of great importance not just from a commercial value but whatever countries, company or research lab develops that vaccine first and is able to produce it is going to have a significant geopolitical success story.”
Secretary of State Mike Pompeo – who has been consistently attacking China over the pandemic – told Fox News last month, “The biggest threat isn’t our ability to work with China on cyber, it’s to make sure we have the resources available to protect ourselves from Chinese cyberattacks.”
But despite an overwhelming consensus that these attacks are occurring at an increasingly high tempo and near universal agreement over the primary state actors, the US and its closest allies have been careful in assigning blame for specific actions.
“If there was that degree of confidence, you’d see more definite language,” an official from a country that shares intelligence with the US previously told CNN. “That’s not what we’re being told.”
CNN’s Alex Marquardt and Joe Johns contributed reporting