Cyberattacks against health and government organizations in charge of COVID-19 response efforts originated from state-sponsored hackers, officials say. The attacks have targeted entities in both the U.S. and the U.K.
State sponsored hackers appear to be behind the swell of cyberattacks on health and government organizations leading the COVID-19 response in the U.S. and the United Kingdom, both countries' cyber agencies announced Tuesday.
These threat actors have sought to use the public health crisis to disrupt response efforts, gather intelligence and conduct espionage, officials with the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.'s equivalent National Cyber Security Centre (NCSC) said this week.
Attacks have involved password spraying and known exploits, with hackers targeting a diverse array of groups, including health and safety organizations, government agencies, universities, and health-care companies. Recent reports show prominent national and international targets, including the World Health Organization and the National Institutes of Health, have also been hit.
A large number of these attacks seem to be centered around gathering information on COVID-19 research, as the targeting of pharmaceutical and medical research organizations suggests.
"APT [advanced persistent threat ] groups frequently target such organizations in order to steal sensitive research data and intellectual property for commercial and state benefit. Organizations involved in COVID-19-related research are attractive targets for APT actors looking to obtain information for their domestic research efforts into COVID-19-related medicine," reads a joint alert from CISA and NCSC released Tuesday.
Hackers may also be interested in gaining intelligence on national and international health-care policy, the release states.
Private security firms have also confirmed these findings. John Hultquist, senior director of Intelligence Analysis at FireEye, said in an email that his company had seen evidence of such activities.
"We have identified intrusion activity by cyberespionage actors against several organizations that are substantially involved in COVID-19 response efforts such as research and public administration," said Hultquist. "We believe intelligence services throughout the world are under enormous pressure to collect intelligence on COVID-19, and we anticipate a full court press on organizations involved in public health administration, research, manufacturing, and treatment related to the pandemic."
FireEye couldn't comment on which specific APTs it has witnessed engaged in this activity. Similarly, a representative from CISA told Government Technology that the agency would not be providing further information beyond what was published in the press release.