20 May 2020

US officially warns China is launching cyberattacks to steal coronavirus research

By Alex Marquardt, Kylie Atwood and Zachary Cohen

Washington (CNN)The US Department of Homeland Security and the FBI issued a "public service announcement" Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical companies, calling it a "significant threat."

The joint warning from the FBI and DHS's cyber arm, CISA, warns "organizations researching COVID-19 of likely targeting and network compromise by the People's Republic of China (PRC). Healthcare, pharmaceutical and research sectors working on COVID-19 response should all be aware they are the prime targets of this activity and take the necessary steps to protect their systems."

The notification elevates the accusation by the US government that China is taking advantage of the pandemic to carry out significant cyber espionage on critical institutions fighting the virus.

The statement did not provide any evidence of China's involvement.


Wednesday's warning comes as tensions continue to escalate between Washington and Beijing with the two sides issuing verbal jabs over how each country is handling the pandemic. The Trump administration has also continued to attack the Chinese government for failing to be transparent about the origins of the outbreak.

CNN has previously reported that the administration has pointed the finger at China for attempting to steal coronavirus research as officials are warning they have seen a growing wave of cyberattacks on US government agencies and medical institutions leading the pandemic response by nation states and criminal groups.

Hospitals, research laboratories, health care providers and pharmaceutical companies have all been hit, officials say, and the Department of Health and Human Services -- which oversees the Centers for Disease Control and Prevention -- has been struck by a surge of daily strikes, an official with direct knowledge of the attacks previously told CNN.

"We have to be the first ones through the door if we want any of our allies to follow us," a national security official told CNN earlier Wednesday, explaining the thinking behind the warning. "If this pandemic can't get our allies in the right place, what's going to?"

The New York Times first reported that the announcement was expected and CNN confirmed the news earlier Wednesday.

The Department of Justice has said they are particularly concerned about attacks by Chinese hackers targeting US hospitals and labs.

On Monday, the head of the Justice Department's National Security Division appearing on CNBC said, "it would be crazy to think that right now the Chinese were not behind some of the cyber activity that we're seeing targeting US pharmaceutical companies and targeting research institutes" doing coronavirus research.

"This is the holy grail of biomedical research right now" and it has "tremendous value both commercially and geopolitically," he added.

Demers also said that US companies will ultimately want to sell their product.

Secretary of State Mike Pompeo -- who has been consistently attacking China over the pandemic -- told Fox News last month, "The biggest threat isn't our ability to work with China on cyber, it's to make sure we have the resources available to protect ourselves from Chinese cyberattacks."

Cyber espionage from China against the United States has spiked in the months since the outbreak of the virus according to the leading cybersecurity group FireEye. The group reported that Chinese group APT41 has carried out "one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years."

Last week, the US and United Kingdom issued a new advisory warning of ongoing cyberattacks against organizations involved in the coronavirus response, including health care bodies, pharmaceutical companies, academics, medical research organizations and local government.

These malicious actors "frequently target organizations in order to collect bulk personal information, intellectual property and intelligence that aligns with national priorities," according to the UK's National Cyber Security Centre (NCSC) and the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA).

"The pandemic has likely raised additional requirements for APT actors to gather information related to COVID-19. For example, actors may seek to obtain intelligence on national and international healthcare policy or acquire sensitive data on COVID-19 related research," the advisory said.

APTs are generally hacking groups sponsored by foreign governments and last week's alert suggests that supply chains may be especially vulnerable.

This story has been updated with a statement from the FBI and DHS and additional background.

No comments: