Government-backed hackers are attacking healthcare and research institutions in an effort to steal valuable information about efforts to contain the new coronavirus pandemic, the United Kingdom and the United States have said in a joint warning.
In a statement on Tuesday, the UK’s National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) said the hackers had targeted pharmaceutical companies, research organisations and local governments.
The NCSC and the CISA did not say which countries were responsible for the attacks. But one US official and one UK official said the warning was in response to intrusion attempts by suspected Chinese and Iranian hackers, as well as some Russian-linked activity.
The two officials spoke on condition of anonymity to discuss non-public details of the alert. Tehran, Beijing and Moscow have all repeatedly denied conducting offensive cyberoperations and say they are the victims of such attacks themselves.
State hacking groups “frequently target organisations in order to collect bulk personal information, intellectual property and intelligence that aligns with national priorities”, the NCSC and the CISA said.
“For example, actors may seek to obtain intelligence on national and international healthcare policy or acquire sensitive data on COVID-19 related research.”
The warning follows efforts by a host of state-backed hackers to compromise governments, businesses and health agencies in search of information about the new disease and attempts to combat it.
Reuters news agency has reported in recent weeks that Vietnam-linked hackers targeted the Chinese government over its handling of the coronavirus outbreak, and that multiple groups, some with ties to Iran, tried to break into the World Health Organization.
The officials said the alert was not triggered by any specific incident or compromise, but rather intended as a warning – to the attackers and the targeted organisations that need to better defend themselves.
“These are organisation that wouldn’t normally see themselves as nation-state targets, and they need to understand that now they are,” said one of the officials.
The agencies said hackers had been seen trying to identify and exploit security weaknesses caused by staff working from home as a result of the coronavirus outbreak.
In other incidents, the attackers repeatedly tried to compromise accounts with a series of common and frequently-used passwords – a technique known as “password spraying”.
“It’s no surprise that bad actors are doing bad things right now, in particular targeting organisations supporting COVID-19 response efforts,” a CISA spokesman said.
“We’re seeing them use a variety of tried and true techniques to gain access to accounts and compromise credentials.”