US officials are reportedly planning to issue a warning that hackers in China are preparing to steal vaccine and treatment research from America.
According to The New York Times, hackers are seeking an advantage in the pandemic, which includes ‘valuable intellectual property and public health data through illicit means related to vaccines, treatments and testing’.
A draft of the warning, which is expected to be released in the coming days, focuses on cybertheft and action by ‘nontraditional actors’.
The Times reports that these ‘nontraditional actors’ are researchers and students who the Trump administration says are being activated to steal data from inside academic and private laboratories.
US officials are reportedly planning to issue a warning that hackers in China are preparing to steal vaccine and treatment research from America. Chad Wolf, acting Secretary of the Department of Homeland Security is pictured speaking alongside President Donald Trump
Hackers are seeking an advantage in the pandemic, which includes ‘valuable intellectual property and public health data through illicit means related to vaccines, treatments and testing’. Hackers could attempt to steal data from academic and private labs (file image)
The Trump administration’s decision to issue the accusation is part of a broader deterrent strategy that also involves United States Cyber Command and the National Security Agency, officials told the Times.
News of the accusation against China comes just days after it was revealed that hackers linked to Iran targeted staff at US drugmaker Gilead Sciences in recent weeks, as the company races to deploy a treatment for the COVID-19 virus.
In one case, a fake email login page designed to steal passwords was sent in April to a top Gilead executive involved in legal and corporate affairs, according to an archived version on a website used to scan for malicious web addresses. It’s unclear if the attack was successful.
Ohad Zaidenberg, lead intelligence researcher at Israeli cybersecurity firm ClearSky, who closely tracks Iranian hacking activity and has investigated the attacks, said the attempt was part of an effort by an Iranian group to compromise email accounts of staff at the company using messages that impersonated journalists.
Two other cybersecurity researchers, who were not authorized to speak publicly about their analysis, confirmed that the web domains and hosting servers used in the hacking attempts were linked to Iran.
Iran’s mission to the United Nations denied any involvement in the attacks.
‘The Iranian government does not engage in cyber warfare,’ said spokesman Alireza Miryousefi. ‘Cyber activities Iran engages in are purely defensive and to protect against further attacks on Iranian infrastructure.’
A spokesman for Gilead declined to comment, citing a company policy not to discuss cybersecurity matters.
The hacking attempts show how cyber spies around the world are focusing their intelligence-gathering efforts on information about COVID-19, the disease caused by the coronavirus.
In recent weeks, Reuters has reported that hackers with links to Iran and other groups have also attempted to break into the World Health Organization, and that attackers linked to Vietnam targeted the Chinese government over its handling of the coronavirus outbreak.
Britain and the US warned last week that state-backed hackers are attacking pharmaceutical companies and research institutions working on treatments for the new disease.
The joint statement did not name any of the attacked organizations, but two people familiar with the matter said one of the targets was Gilead, whose antiviral drug remdesivir is the only treatment so far proven to help patients infected with COVID-19.
News of the accusation against China comes just days after it was revealed that hackers linked to Iran targeted staff at US drugmaker Gilead Sciences (file image) in recent weeks, as the company races to deploy a treatment for the COVID-19 virus
The hacking infrastructure used in the attempt to compromise the Gilead executive’s email account has previously been used in cyberattacks by a group of suspected Iranian hackers known as ‘Charming Kitten,’ said Priscilla Moriuchi, director of strategic threat development at US cybersecurity firm Recorded Future, who reviewed the web archives identified by Reuters.
‘Access to even just the email of staff at a cutting-edge Western pharmaceutical company could give … the Iranian government an advantage in developing treatments and countering the disease,’ said Moriuchi, a former analyst with the US National Security Agency.
Iran has suffered acutely from the COVID-19, recording the highest death toll in the Middle East.
The disease has so far killed more than 282,000 people worldwide, triggering a global race between governments, private pharmaceutical companies and researchers to develop a cure.
Gilead is at the forefront of that race and has been lauded by President Donald Trump, who met the California company’s CEO Daniel O’Day at the White House in March and May to discuss its work on COVID-19.
The US Food and Drug Administration last week gave emergency use authorization to Gilead’s remdesivir for patients with severe COVID-19, clearing the way for broader use in more hospitals around the United States.
An official at one European biotech company said the industry was on ‘red alert’ and taking extra precautions to guard against attempts to steal COVID-19 research, such as conducting all work related to vaccine trials on ‘air-gapped’ computers that are disconnected from the internet.