Washington — Cyber actors and "non-traditional collectors" linked to the Chinese government are targeting and possibly seeking to compromise U.S. organizations conducting COVID-19 research, two U.S. security agencies warned Tuesday.
A public service announcement from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), which is part of the Department of Homeland Security, said the hackers have been "attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research."
"The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options," the announcement said.
The agencies warned organizations affiliated with COVID-19 research to closely monitor their systems and reinforce their cyber defenses by patching, improving passwords and incorporating two-factor authentication.
Both agencies have closely monitored the activities of a range of foreign government hackers during the pandemic and have previously warned that universities, research facilities and healthcare institutions could be at heightened risk.
"We certainly have seen reconnaissance activity, and some intrusions, into some of those institutions, especially those that have publicly identified themselves as working on COVID-related research," FBI Deputy Assistant Director for the Cyber Division Tonya Ugoretz said during a panel discussion hosted by the Aspen Institute last month.
"The most valuable intellectual property in the world right now is to do with COVID vaccines, no question," Robert Hannigan, the former director of GCHQ, Britain's version of the NSA, told CBS News' Charlie D'Agata about the current threat. "Talking to people in the healthcare sector and the academic world, they do feel under siege at the moment."
Hannigan, who's currently Chairman of BlueVoyant International, and other cyber security experts say hackers are targeting the entire process: anything to do with COVID-19-related research for vaccines, tests and treatments. That makes every entity involved in the process, including university labs, medical facilities, government agencies and pharmaceutical companies — and every association between those entities — a potential weak link.
Social distancing measures causing millions of employees to work from home — some of them on personal computers with vulnerable software — have exacerbated the threat, experts said.
"It's made the playground much bigger," Hannigan told D'Agata.
In a rare joint advisory, security agencies in the U.S. and United Kingdom warned last week that unnamed nation-state cyber actors were targeting "health care bodies, pharmaceutical companies, academia, medical research organizations and local governments." The agencies urged employees of those organizations to harden their passwords and implement two-factor authentication to protect against the most common attacks.
Private cybersecurity firms and U.S. government agencies have observed that Russia, China, Iran and North Korea have all escalated cyber activity, as well as disinformation efforts related to the coronavirus.
U.S. law enforcement and intelligence officials have also previously warned of China's use of so-called "non-traditional collectors" — including students and researchers — who are enlisted to steal scientific data and proprietary technologies. The country's top counterintelligence official, National Counterintelligence and Security Center Director Bill Evanina, has said China's theft of U.S. intellectual property totals as much as $400 billion annually.
A spokesman for China's foreign ministry said Monday that Beijing was leading in the race for a COVID-19 vaccine and opposed all forms of cyberattacks. "It is immoral for anyone to engage in rumor-mongering without presenting any evidence," Zhao Lijian, the spokesman, said.
The Trump administration was consistently issuing warnings to allies and admonitions to Beijing about China's attempted espionage even before the coronavirus pandemic brought U.S.-China relations to a new low. Late last year, the Justice Department issued a series of China-related indictments, accusing telecom giant Huawei and two subsidiaries of theft of trade secrets and charging members of China's People's Liberation Army for a 2017 hack of credit reporting agency Equifax. In January, it charged a Harvard University professor with lying to authorities about his financial ties to China's Thousand Talents Plan, a recruiting platform designed to attract high-level scientific talent to China.
While President Trump occasionally praised Chinese president Xi Jinping's handling of the outbreak in its early stages, Mr. Trump and a number of senior U.S. administration officials have since accused Beijing in increasingly acrimonious terms of covering up the origins of the virus and withholding information about its transmission. Both Mr. Trump and Secretary of State Mike Pompeo have vowed unspecified consequences for China.
They have also said publicly that significant evidence links the virus outbreak to a research laboratory in Wuhan. While U.S. intelligence agencies have acknowledged that they are looking into that scenario as well as the theory, more widely accepted by scientific experts, that transmission occurred elsewhere in nature, the agencies have not said that either scenario is, at this stage, more or less likely to have occurred than the other.
At a press briefing on Monday, Mr. Trump obliquely addressed China's targeted cyber activities.
"What else is new with China? I'm not happy with China, could have stopped it at the source, should have," Mr. Trump said. "Now you're telling me they're hacking. What else is new? We're watching very closely."