U.S. President Donald Trump's administration has blamed China for the increasing number of cyberattacks on its government agencies and medical institutions involved in the fight against the coronavirus (COVID-19) pandemic, and for attempting to steal research on the coronavirus, according to a report from CNN.
According to the officials, hospitals, research laboratories, health care providers, and pharmaceutical companies have all been hit. The Department of Health and Human Services (HHS), which manages the Centers for Disease Control and Prevention, has been hit by a wave of daily strikes, an official with direct knowledge of the attacks said.
“It is safe to say that there are only two places in the world that could hit (the Department of Health and Human Services) the way it’s been hit,” an official familiar with the attacks told CNN.
The two main “culprits” targeting HHS were Russia and China, the official said. However, top national security officials have singled out China as the main source of these COVID-19-related cyberattacks.
Chinese hackers targeting U.S. hospitals and labs to steal research related to coronavirus is a growing concern now, says the Department of Justice.
“It’s certainly the logical conclusion of everything I’ve said. We are very attuned to increased cyber intrusions into medical centers, research centers, universities, anybody that is doing research in this area,” said John Demers, the head of the Justice Department’s National Security Division.
“There is nothing more valuable today than biomedical research relating to vaccines for treatments for the coronavirus,” Demers said. “It’s of great importance not just from a commercial value but whatever countries, company or research lab develops that vaccine first and is able to produce it is going to have a significant geopolitical success story.”
Blaming China
Ever since the outbreak of the virus, there has been an increase in cyber espionage from China against the U.S.
FireEye, a leading cybersecurity group, reported last month that the Chinese group APT41 had carried out “one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years.”
Secretary of State Mike Pompeo, who has been constantly attacking China over the pandemic, told Fox News on Thursday, “The biggest threat isn’t our ability to work with China on cyber, it’s to make sure we have the resources available to protect ourselves from Chinese cyberattacks.”
The Chinese Embassy in Washington has been asked to comment on the allegations.
The increase in cyberattacks on the HHS and the wider medical sector is part of a larger cyber campaign conducted by groups linked to many countries in addition to China, including Russia, Iran, and North Korea.
The U.S. national security community has regularly accused the quartet of being the most complicated and active actors against the U.S.
The cyberattacks from nation-states and criminal groups amid the coronavirus crisis have come in several forms with various goals, such as phishing emails that pose as a U.S. agency or authority to steal data and information, denial of service, ransomware attacks, and misinformation, among others, both on the open internet and the darknet.
“The COVID-19 pandemic has provided a unique opening to nefarious actors and cybercriminals,” a senior Trump administration official told CNN.
Despite being under attack, HHS, along with CISA, the cyber arm of the Department of Homeland Security, has worked to increase the defenses of those pandemic-related organizations, the official added.
Bill Evanina, Director of the National Counterintelligence and Security Center, who also led the U.S. intelligence community’s battle against Chinese industrial and academic spying and theft of intellectual property, has cautioned that critical research for COVID-19 vaccines risks being stolen and replicated overseas.
“Medical research organizations and those who work for them should be vigilant against threat actors seeking to steal intellectual property or other sensitive data related to America’s response to the COVID19 pandemic,” Evanina told CNN. “Now is the time to protect the critical research you’re conducting.”
‘They Are Trying To Steal Everything’
U.S. officials have been cautious in assigning blame for specific actions despite the alarming rate at which the cyberattacks are taking place.
“If there was that degree of confidence, you’d see more definite language,” an official from a country that shares intelligence with the U.S. said. “That’s not what we’re being told.”
The Cyber Threat Intelligence (CTI) League, a global group of more than 1,400 vetted cybersecurity experts who are working with U.S. authorities to take down threats as and when they emerge, put out its first report this week.
According to the CTI League, the threat actors from the four nation-states that usually target the U.S. are now concentrating on and taking advantage of the pandemic.
“They are trying to steal everything,” Ohad Zaidenberg, one of the group’s co-founders who is based in Israel, said of the landscape of actors.
He added that countries like China and Iran “can steal information regarding the coronavirus information that they don’t have, (if) they believe someone is creating a vaccine and they want to steal information about it. Or they can use the pandemic as leverage so they (can) steal any other type of information.”
Google’s Threat Analysis Group (TAG), a specialized team of security experts, has specifically identified over a dozen government-backed attacker groups that are using “COVID-19 themes as lure for phishing and malware attempts,” according to a new report published Wednesday.
“Our systems have detected 18 million malware and phishing Gmail messages per day related to Covid-19, in addition to more than 240 million COVID-related daily spam messages.
“TAG has specifically identified over a dozen government-backed attacker groups using Covid-19 themes as lure for phishing and malware attempts—trying to get their targets to click malicious links and download files,” the report said.
“One notable campaign attempted to target personal accounts of US government employees with phishing lures using American fast-food franchises and COVID-19 messaging. Some messages offered free meals and coupons in response to COVID-19, others suggested recipients visit sites disguised as online ordering and delivery options.”
Google’s report also mentioned new activity that validates reporting from Reuters last month about Iranian-backed hackers trying to break into the World Health Organization (WHO).
On Thursday, WHO said that since the outbreak began it “has seen a dramatic increase in the number of cyberattacks directed at its staff, and email scams targeting the public at large.”
“This week, some 450 active WHO email addresses and passwords were leaked online along with thousands belonging to others working on the novel coronavirus response,” the organization said in a news release. “The leaked credentials did not put WHO systems at risk because the data was not recent. However, the attack did impact an older extranet system, used by the current and retired staff as well as partners.”
More Action Should Be Taken, Say Lawmakers
According to sources, the National Security Agency (NSA) and Cyber Command have launched aggressive cyber action since the outbreak of the coronavirus in the U.S. to try and stall a wide variety of foreign attacks, including disinformation. Since the work of those agencies remains highly classified, the exact nature of that response is not clear.
These agencies continue to use a “defend forward” posture, which includes offensive operations intended to discourage foreign actors linked to nation-state rivals, multiple officials told CNN.
Gen. Paul Nakasone, who leads U.S. Cyber Command and the NSA, has in recent years been given additional authority to carry out these types of operations without needing White House permission.
While Cyber Command, the NSA and CISA chose not to comment on these offensive measures and their response to the senators, CISA did point to warnings it issued with British counterparts.
Currently, these agencies are working with an exceptional amount of freedom, but some lawmakers believe that more steps need to be taken to protect U.S. health organizations and agencies during the ongoing pandemic.
Last week, a bipartisan group of senators, which included members of the Intelligence and Armed Services committees, said Cyber Command and CISA need to be more aggressive with their warnings and action to defend against what they called an “unprecedented and perilous campaign of sophisticated hacking operations from state and criminal actors amid the coronavirus pandemic.”
“Disinformation, disabled computers, and disrupted communications due to ransomware, denial of service attacks, and intrusions means critical lost time and diverted resources,” Senators Tom Cotton, Richard Blumenthal, Mark Warner, David Perdue and Edward Markey wrote in a letter to Nakasone and the CISA director, Christopher Krebs.
“During this moment of national crisis, the cybersecurity and digital resilience of our healthcare, public health, and research sectors are literally matters of life-or-death.”