Rival states targeted UK and US coronavirus labs with ‘malicious cyber campaigns’

The UK and US have warned that state-backed cyber attackers are trying to steal data from universities, pharmaceuticals and research institutes involved in the coronavirus response.

Organisations trying to develop a COVID-19vaccine are among those being targeted.

A joint advisory published on Tuesday did not name any specific country involved in the “malicious cyber campaigns”, but culprits are understood to include hacking groups from China, Russia and Iran, as well as others.

Dominic Raab, the foreign secretary, called the attacks “particularly venal” given that they were targeting international and national organisations responding to the COVID-19 crisis.

Dominic Raab gives the government's daily coronavirus update

Foreign secretary warns sophisticated networks of hackers targeting UK’s COVID-19 response

“There are various objectives and motivations that lie behind these attacks, from fraud on the one hand to espionage,” he said at the daily Downing Street briefing.

“We expect this kind of predatory criminal behaviour to continue and evolve over the coming weeks and months ahead, and we are taking a range of measures to tackle the threat.”

Mr Raab added: “We’re absolutely determined to defeat coronavirus, and also to defeat those trying to exploit the situation for their own nefarious ends.”

More from Covid-19

  • Coronavirus: The hunt for hackers & adjusting to a new normal

  • Coronavirus: Government eyes further emergency scheme to aid SMEs

  • Coronavirus: Face masks yes, empty middle seats no, says airlines body

  • Coronavirus: Health secretary criticises ‘tone’ of Labour MP and A&E Doctor Rosena Allin-Khan

  • Coronavirus: Circus industry could ‘die’ after ‘falling through the cracks’ for govt funds

  • Coronavirus: Millions entered UK in three months before lockdown but just 273 were quarantined

A joint advisory published on Tuesday did not name any specific country involved in the “malicious cyber campaigns”, but culprits are understood to include China, Russia and Iran, as well as others.

The UK’s National Cyber Security Centre (NCSC), a branch of GCHQ, and its US counterpart, the US Cybersecurity and Infrastructure Security Agency (CISA), urged workers in healthcare and medical research to change easy-to-guess passwords.

They also advised staff in these sectors to use two-factor authentication to help fend off what the agencies called “password spraying” campaigns, which hit a target with multiple common passwords in the hope that one will work.

Close up of hands typing on laptop. Night work concept.
Image:Staff have been advised to strengthen their passwords

There is not thought to have been a successful attack on an institute in the UK, but Sky News understands attacks have had success elsewhere.

The significant rise in cyber attacks on research institutes and universities is thought to be in line with a shift in priorities of national governments in the wake of the COVID-19 pandemic.

Suddenly, access to information held by a rival nation’s laboratories is of top importance.

The US-UK warning said the “advanced persistent threat” (APT) groups carrying out the cyber attacks – typically state-backed hackers – were targeting medical research and healthcare organisations as well as local government “to collect bulk personal information, intellectual property and intelligence that aligns with national priorities”.

:: Listen to Divided States on Apple podcasts, Google Podcasts, Spotify, and Spreaker

The NCSC has made protecting the UK health sector its top priority in the wake of the coronavirus crisis, according to Paul Chichester, the director of operations.

“By prioritising any requests for support from health organisations and remaining in close contact with industries involved in the coronavirus response, we can inform them of any malicious activity and take the necessary steps to help them defend against it,” he said.

“But we can’t do this alone, and we recommend healthcare policy makers and researchers take our actionable steps to defend themselves from password spraying campaigns.”

Coronavirus UK tracker: How many cases are in your area – updated daily

Coronavirus UK tracker: How many cases are in your area – updated daily

Security officials have identified targeting of national and international healthcare bodies, pharmaceutical companies, research organisations, and local government with the likely aim of gathering information related to the coronavirus outbreak, the joint US-UK statement said.

The warning followed a joint advisory from the NCSC and CISA last month about cyber criminals exploiting the coronavirus outbreak for their own personal gain.

They warned that the frequency of coronavirus-related cyber attacks will increase over the coming weeks and months.

:: Listen to the Daily podcast on Apple Podcasts, Google Podcasts, Spotify, Spreaker

Last month, the NCSC created the Suspicious Email Reporting Service after seeing an increase in coronavirus-related email scams.

In its first week, the service received more than 25,000 reports – resulting in 395 phishing sites being taken down.

Mark Gibson

Graduates in Northwestern University, Evanston, Illinois 1990. Move to Los Angeles California in 2004. Specialized in Internet journalism.

Leave a Reply

Your email address will not be published. Required fields are marked *