The Trump administration accused Chinese Communist Party-affiliated hackers of conducting cyberattacks in an effort to steal U.S. research into possible treatments and vaccines for the coronavirus that originated in Wuhan, China.
The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency said Wednesday they were “issuing this announcement to raise awareness of the threat to COVID-19-related research” and its targeting by hackers backed by the People’s Republic of China.
“The FBI is investigating the targeting and compromise of U.S. organizations conducting COVID-19-related research by PRC-affiliated cyber actors and non-traditional collectors,” the security alert read. “These actors have been observed attempting to identify and illicitly obtain valuable intellectual property and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research.”
The two intelligence agencies warned that “the potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.”
The FBI noted that it is responsible for protecting the United States against foreign espionage and cyber operations, while CISA said that its role is to protect the nation’s critical infrastructure from both physical threats and cyberattacks, noting that it is providing cybersecurity assistance to all federal, state, and local governments as well as private groups which “play a critical role in COVID-19 research and response.”
The two agencies also called on all organizations conducting research in these areas, from labs to universities to research firms, to “maintain dedicated cybersecurity and insider threat practices to prevent surreptitious review or theft of COVID-19-related material.”
The head of the Justice Department’s China Initiative, John Demers, strongly hinted last month that China-backed hackers were looking to steal U.S. coronavirus research.
Demers, the assistant attorney general for national security, issued stark warnings about China’s long history of economic espionage and cyberattacks during a lengthy online discussion. The top DOJ official was pressed on whether China is targeting U.S. hospitals and research labs to steal information that doctors and scientists are learning about the coronavirus.
“It’s certainly the logical conclusion of everything I’ve said — there is nothing more valuable today than biomedical research relating to vaccines or treatments for the coronavirus,” he said. “It would be beyond absurd to think that, well, the Chinese, they care about all this other stuff, but this they’re gonna lay off.”
The DOJ’s China Initiative was launched in 2018 and aims to combat both Chinese malign influence (ranging from cyberespionage to technology theft) and China’s Thousand Talents Program, which is geared towards stealing research. The department charged Chinese telecommunications giant Huawei in a global racketeering scheme earlier this year.
In consideration of the threat of China trying to steal coronavirus research, Demers added, “We are very attuned to increased cyberintrusions into medical centers, research centers, universities — anybody that is doing research in this area, yes.”
The comments by Demers illuminated April warnings by FBI Deputy Assistant Director Tonya Ugoretz, who confirmed that both cybercriminals and foreign government hackers had targeted the U.S. in a variety of ways, including attempts to steal information related to the U.S. response to the COVID-19 virus and related research. Ugoretz did not reveal which countries were going after U.S. research at the time.
“When we’re talking about threat actors, we’re talking about cybercriminals, those who are looking to conduct cyberintrusions, theft of information, a variety of cybercrimes, usually for personal profit,” she said. “Countries have a very high desire for information … So, we have certainly seen reconnaissance activity and some intrusions into some of those institutions, especially those that have publicly identified themselves as working on COVID-related research.”
Last week, a joint alert from CISA and the United Kingdom’s National Cyber Security Centre warned that “advanced persistent threat groups are exploiting the Coronavirus Disease 2019 pandemic as part of their cyber operations.” They did not name the specific country or countries backing these groups.
The U.S.-U.K. warning noted that hackers were targeting “healthcare bodies, pharmaceutical companies, academia, medical research organizations, and local governments” and were attempting to obtain “intelligence on national and international healthcare policy, or acquire sensitive data on COVID-19-related research.” The two governments also warned that organizations involved in COVID-19 virus research are “attractive targets” for foreign hackers “looking to obtain information for their domestic research efforts into COVID-19-related medicine.”
The Office of the Director of National Intelligence announced last week its intent to “strengthen the intelligence community’s cyber posture” by combining four previously separate ODNI cyber organizations into one focused operation, dubbed “the IC Cyber Executive.”
The U.S. intelligence community reportedly believes the Chinese Communist Party downplayed the severity of the initial coronavirus outbreak and that China continues to mislead about the infection rate and the death toll inside the country. Beijing has denied orchestrating a cover-up of its coronavirus response.

