Chinese hackers tried stealing US COVID-19 vaccine research: Details here
Even as the world remains battered by the coronavirus pandemic, hackers are not stopping from disrupting the work going on to fight the crisis. A month ago, we reported the case of Iran-linked hackers trying to access emails of WHO staffers, and now, the US has alleged that a group of China-affiliated threat actors tried to compromise its research for COVID-19 vaccine. Here's more.
Warning from US Cybersecurity and Infrastructure Security Agency
In a recent public notice, the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned about the "threat to COVID-19-related research." The agencies claimed that certain state-sponsored Chinese "cyber actors and non-traditional collectors" have attempted to carry out sophisticated cyber-attacks against US organizations and researchers conducting studies around COVID-19, its spread, and treatment.
Attacks aimed at stealing vaccine, treatment information
Though the warning said the FBI is investigating the matter, it did note that the attacks appeared targeted at stealing information around the vaccine and treatment for COVID-19. "These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research," it read.
More details to be revealed in coming days
Beyond confirming the hacking attempt to steal COVID-19 research, the FBI-CISA warning does not tell much about the attack or the organization(s) targeted. However, the agencies asserted that they would release more technical details in the coming days, which may reveal how the Chinese threat actors tried to break into the systems of American companies researching COVID-19 vaccines, treatments.
Recommendation to patch systems
In the same notice, the agencies also recommended US researchers and companies to patch their respective systems for security vulnerabilities and flaws as well as to enable two-factor authentication to prevent breaches. They emphasized that the potential theft of their research information could jeopardize "the delivery of secure, effective, and efficient treatment options" to the general public.
