COVID-19 Research Organizations Targeted by Chinese Hacking Groups

Organizations participating in research on SARS-CoV-2 and COVID-19 have been warned that hackers linked to the People’s Republic of China (PRC) are focusing attacks on them, and that they need to take steps to keep their systems safe from attack.

The Federal Bureau of Investigation (FBI), together with the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security, has issued an alert that healthcare, pharmaceutical and research organizations working on SARS-CoV-2 vaccines, COVID-19 remedies and testing procedures are being targeted by hackers seeking research data to advance the PRC’s research program. The Trump administration also warned COVID-19 research organizations about cyber-espionage campaigns by hackers associated with Iran.

The alert issued by CISA and the FBI said that intellectual property theft by the attackers jeopardizes access to safe, helpful, and tested treatment solutions. Organizations active in COVID-19 research were directed to apply the recommended mitigations right away to prevent covert review and theft of information associated with COVID-19.

CISA notes that press reports associating an organization with COVID-19 research will likely draw more attention and cyber activity, so such organizations should expect attacks aimed specifically at them. Patching must be kept up to date to resolve critical vulnerabilities on all systems. Where patches cannot be applied, organizations must implement mitigations until they can apply them. Organizations should also prioritize vulnerabilities that attackers are exploiting and those found on internet-connected servers and software applications handling internet data.

Web applications should be scanned for anomalous activity that points to unauthorized access, and changes made to applications should be monitored. Additional authentication steps, including multi-factor authentication, must be implemented.

Organizations must also scan for unusual user activity. If anomalous behavior is detected, access should be stopped immediately and an investigation should follow. If suspicious or criminal activity is discovered, the organization must inform its local FBI field office. CISA and the FBI will release technical information about the threats and cyberattacks soon.