- Coronavirus vaccine and treatment research was targeted in several attacks on US firms originating from China, the US government announced.
- Two Chinese hackers were indicted for the hack of various institutions and companies in an attack that began more than 10 years ago.
- The hackers have allegedly breached several companies working on vaccine candidates, treatments, and diagnostic tools.
Dozens of companies and labs are racing to find vaccines and drugs that can cure the novel coronavirus. Some of these drugs have shown promise in clinical trials, including vaccine candidates, monoclonal antibodies, and other medications that have been repurposed for treating COVID-19. Well over 100 teams are working on vaccine candidates alone. Not every drug needs to work, but the world will require more than one vaccine for future immunization campaigns. Manufacturing and logistic challenges could make it difficult for a single provider to satisfy the global need. The same goes for other medications, whether they are brand new compounds or existing substances that could be effective against SARS-CoV-2.
But not all countries are playing fairly when it comes to ending this pandemic. It’s not just Russian hackers that are attempting to steal coronavirus research secrets, as the US government has charged two Chinese hackers with targeting companies researching vaccines and treatments for the novel virus.
A federal grand jury indicted two Chinese hackers for a “sweeping global computer intrusion campaign,” Axios reports.
The attack started 10 years ago and has recently targeted companies that are researching the virus. The two hackers are in their mid-thirties and were reportedly trained in computer applications at the same Chinese universities. The hackers have targeted high tech industries in several countries for the past few years, including several in the European Union as well as the US, said the Department of Justice in a press release on Tuesday:
Targeted industries included, among others, high tech manufacturing; medical device, civil, and industrial engineering; business, educational, and gaming software; solar energy; pharmaceuticals; defense. In at least one instance, the hackers sought to extort cryptocurrency from a victim entity, by threatening to release the victim’s stolen source code on the Internet. More recently, the defendants probed for vulnerabilities in computer networks of companies developing COVID-19 vaccines, testing technology, and treatments.
Hackers allegedly conducted reconnaissance on a Massachusetts firm conducting research on a vaccine. A month later, a business in California working on antiviral drugs was breached. In mid-May, a different California-based company that is working on diagnostic research was also probed for vulnerabilities.
“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” Assistant Attorney General for National Security John C. Demers said.
The DoJ explains that the hackers targeted known software vulnerabilities “in popular web server software, web application development suites, and software collaboration programs.” They also targeted insecure default configurations in typical applications and used these vulnerabilities to place malicious apps on the target computers. They also installed software that let them steal credentials and control computers remotely. The attackers also attempted to hide the breaches:
To conceal the theft of information from victim networks and otherwise evade detection, the defendants typically packaged victim data in encrypted Roshal Archive Compressed files (RAR files), changed RAR file and victim documents’ names and extensions (e.g., from “.rar” to “.jpg”) and system timestamps, and concealed programs and documents at innocuous-seeming locations on victim networks and in victim networks’ “recycle bins.”
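The renaming trick quoted above (an archive stored as ".jpg", or parked in a recycle bin) is cheap to spot once a defender stops trusting file extensions: the RAR format begins with a fixed signature, so content and name can be compared directly. The following scanner is an added defensive example written for this article, not code from the DOJ release or from any investigation. The RAR signatures come from the public RAR format documentation; the directory layout, the sample SID folder and the "$RXYZ.rar" file name are constructed for the demo, and the list of "benign-looking" extensions is an assumption a team would tune to its own environment.

```python
"""Flag RAR archives whose name or location disguises them (added example)."""
import os
import tempfile
from pathlib import Path

# RAR 4.x and RAR 5.x file signatures, found at offset 0 of every RAR file.
RAR_SIGNATURES = (
    b"Rar!\x1a\x07\x00",       # RAR 4.x
    b"Rar!\x1a\x07\x01\x00",   # RAR 5.x
)

# Extensions that make an archive look innocuous (assumed list; tune locally).
BENIGN_LOOKING_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".log", ".dat"}

# Directory names used for recycle bins on Windows, compared case-insensitively.
RECYCLE_BIN_MARKERS = {"$recycle.bin", "recycler", "recycled"}


def is_rar(path: Path) -> bool:
    """True if the file content starts with a RAR signature, whatever its name."""
    try:
        with path.open("rb") as fh:
            head = fh.read(8)
    except OSError:
        return False
    return any(head.startswith(sig) for sig in RAR_SIGNATURES)


def in_recycle_bin(path: Path) -> bool:
    """True if any path component is a recycle-bin directory."""
    return any(part.lower() in RECYCLE_BIN_MARKERS for part in path.parts)


def find_masqueraded_archives(root):
    """Walk `root` and return sorted (relative_path, reasons) for suspicious RARs."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if not is_rar(p):
                continue
            reasons = []
            if p.suffix.lower() in BENIGN_LOOKING_EXTS:
                reasons.append(f"RAR content with {p.suffix} extension")
            if in_recycle_bin(p):
                reasons.append("archive stored in recycle bin")
            if reasons:
                findings.append((str(p.relative_to(root)), reasons))
    return sorted(findings)


def demo():
    """Build a constructed sample tree in a temp dir and scan it."""
    root = Path(tempfile.mkdtemp(prefix="rarscan_"))
    (root / "photos").mkdir()
    (root / "$Recycle.Bin" / "S-1-5-21-0000").mkdir(parents=True)  # constructed SID
    # Genuine JPEG: starts with the JPEG SOI/APP0 markers, must not be flagged.
    (root / "photos" / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 32)
    # RAR 5 archive renamed to .jpg, the masquerade described in the indictment.
    (root / "photos" / "IMG_0042.jpg").write_bytes(RAR_SIGNATURES[1] + b"\x00" * 32)
    # RAR 4 archive with its real extension, hidden in the recycle bin.
    (root / "$Recycle.Bin" / "S-1-5-21-0000" / "$RXYZ.rar").write_bytes(
        RAR_SIGNATURES[0] + b"\x00" * 32
    )
    # Ordinary text file, must not be flagged.
    (root / "notes.txt").write_text("nothing to see")
    return find_masqueraded_archives(root)


if __name__ == "__main__":
    for path, reasons in demo():
        print(path, "->", "; ".join(reasons))
```

Run as a script, `demo()` reports the renamed archive under `photos/` and the one in the recycle bin, and nothing else. In practice the same check belongs in an EDR or file-integrity rule keyed on write events, since an attacker who changes timestamps as the release describes also defeats any scan that relies on modification time to decide what is "new".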
In some cases, the hackers returned years after the first attack to probe for data again. They were not successful in all instances, the press release says, thanks to the efforts of the FBI and network defenders.