Share this article on:
Organizations involved in research into SARS-CoV-2 and COVID-19 have been warned that they are being targeted by hackers affiliated with the People’s Republic of China (PRC) and should take steps to protect their systems from attack.
The Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security and the Federal Bureau of Investigation (FBI) have warned that organizations in the health care, pharmaceutical, and research sectors that are working on testing procedures, SARS-CoV-2 vaccines, and new treatments for COVID-19 are being targeted by hackers looking to gain access to research data to advance PRC’s research program. The Trump Administration has also warned that cyber espionage campaigns targeting COVID-19 research organizations are now being conducted by hackers linked to Iran.
In the alert, CISA and the FBI warn that the theft of intellectual property in these attacks jeopardizes the delivery of secure, effective, and efficient treatment options. All organizations involved in COVID-19 research have been advised to apply the recommended mitigations as soon as possible to prevent surreptitious review and theft of COVID-19 related data.
CISA warns that press attention affiliating an organization with COVID-19 research is likely to result in increased interest and cyber activity and it is best to assume that targeted cyber attacks will occur. Patching efforts should be stepped up and critical vulnerabilities should be addressed on all systems. If patches cannot be applied to address vulnerabilities, mitigations should be implemented until the patches can be applied. Priority should be given to vulnerabilities known to have been exploited by these threat actors and vulnerabilities on internet-connected servers and software processing internet data.
Scans should be conducted on all web applications to identify anomalous activity that could indicate unauthorized access and checks conducted to identify any modifications that have been made to the applications. Authentication measures should be strengthened, and multi-factor authentication should be implemented.
Scans should be performed to identify unusual user activity. When anomalous behavior is detected, access should be immediately suspended pending further investigation. When suspicious or criminal activity is detected, the local FBI field office should be alerted. CISA and the FBI will be releasing technical information about threats and cyberattacks in the coming days.