State-backed hackers targeting coronavirus responders, US and UK warn

State-backed hackers targeting coronavirus responders, US and UK warn
Government-backed hackers are attacking health care and research institutions in an effort to steal valuable information about efforts to contain the new coronavirus outbreak, Britain and the United States said on Tuesday in a joint warning. (File/Shutterstock))
Short Url
Updated 06 May 2020
Follow

State-backed hackers targeting coronavirus responders, US and UK warn

State-backed hackers targeting coronavirus responders, US and UK warn
  • One US official and one UK official said the warning was in response to intrusion attempts by suspected Chinese and Iranian hackers
  • State hacking groups “frequently target organizations in order to collect bulk personal information, intellectual property and intelligence that aligns with national priorities,” the NCSC and CISA said

LONDON/WASHINGTON: Government-backed hackers are attacking health care and research institutions in an effort to steal valuable information about efforts to contain the new coronavirus outbreak, Britain and the United States said on Tuesday in a joint warning.
In a statement, Britain’s National Cyber Security Center (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) said the hackers had targeted pharmaceutical companies, research organizations and local governments.
The NCSC and CISA did not say which countries were responsible for the attacks. But one US official and one UK official said the warning was in response to intrusion attempts by suspected Chinese and Iranian hackers, as well as some Russian-linked activity.
The two officials spoke on condition of anonymity to discuss non-public details of the alert. Tehran, Beijing and Moscow have all repeatedly denied conducting offensive cyber operations and say they are the victims of such attacks themselves.
State hacking groups “frequently target organizations in order to collect bulk personal information, intellectual property and intelligence that aligns with national priorities,” the NCSC and CISA said.
“For example, actors may seek to obtain intelligence on national and international health care policy or acquire sensitive data on COVID-19 related research.”
The warning follows efforts by a host of state-backed hackers to compromise governments, businesses and health agencies in search of information about the new disease and attempts to combat it.
Reuters has reported in recent weeks that Vietnam-linked hackers targeted the Chinese government over its handling of the coronavirus outbreak, and that multiple groups, some with ties to Iran, tried to break into the World Health Organization.
The officials said the alert was not triggered by any specific incident or compromise, but rather intended as a warning — both to the attackers and the targeted organizations that need to better defend themselves.
“These are organization that wouldn’t normally see themselves as nation state targets, and they need to understand that now they are,” said one of the officials.
The agencies said hackers had been seen trying to identify and exploit security weaknesses caused by staff working from home as a result of the coronavirus outbreak.
In other incidents, the attackers repeatedly tried to compromise accounts with a series of common and frequently-used passwords — a technique known as “password spraying.”
“It’s no surprise that bad actors are doing bad things right now, in particular targeting organizations supporting COVID-19 response efforts,” a CISA spokesman said.
“We’re seeing them use a variety of tried and true techniques to gain access to accounts and compromise credentials.”