“These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments and testing from networks and personnel affiliated with Covid-19-related research,” the notice says. “The potential theft of this information jeopardises the delivery of secure, effective and efficient treatment options.”
The hackers are affiliated with the Chinese Government, according to the statement. It adds: “Chinese government cyberthreat actors are actively exploiting trust relationships between information technology (IT) service providers – such as managed service providers and cloud service providers – and their customers”, and one of the suggested mitigations for organisations is to “ensure their providers have conducted a review to determine if there is a security concern or compromise and have implemented appropriate mitigation and detection tools for this cyber activity.”
The warning came shortly after another joint statement between CISA and the UK's National Cyber Security Centre (NCSC), which claimed that advanced persistent threat (APT) groups are targeting healthcare and research organisations in the UK and US.
There's more information here: www.us-cert.gov/china.
The CISA/FBI warning did not provide specific details about the targets of attacks – it just stated that investigations are underway.
Although probably unrelated, there seems to have been a rise in sophisticated attacks on research infrastructure. For example, around a dozen high-performance computing (HPC) facilities in Germany, the UK and Switzerland have had to shut down.
On 11 May 2020, Archer, the UK's National Supercomputing Service, found ‘security exploitation’ on its login nodes. It shut off all access and invalidated all passwords and SSH keys. At the time of writing, the service was still offline and had warned users that all future access will require multi-factor authentication. There's more information here: www.archer.ac.uk/status/.
On the same day, the Baden-Württemberg High Performance Computing (bwHPC) project in Germany announced that five of its computing clusters had to be shut down due to an unspecified security incident. A few days later, the Leibniz Supercomputing Centre and the Jülich Supercomputing Centre (JSC), both also in Germany, went offline due to security issues. Shortly after, the Swiss National Supercomputing Centre (CSCS) detected malicious activity on its systems and cut off access.
These HPC facilities are used for research in a wide range of disciplines, including chemistry, bioinformatics, physics and others.
Meanwhile, two construction firms in the UK that have been involved in building emergency hospitals to help deal with the pandemic have come under separate cyber attacks. Bam Construct, which worked on the Yorkshire and Humber hospital, seems to have suffered a straightforward ransomware attack which, the firm said, caused relatively little disruption.
Interserve, which worked on Birmingham's NHS Nightingale hospital and is also a major contractor to the Ministry of Defence, has suffered a major data breach. Around 100,000 records relating to former and current employees have been compromised. The data includes names, addresses, bank details, payroll information, next-of-kin details, and personnel and disciplinary records. The firm has released little in the way of detail other than that the breach occurred “earlier this month”.