Government-backed hackers are attacking healthcare and research institutions in an attempt to steal valuable information about attempts to stem the new outbreak of the coronavirus, Britain and the United States said in a joint warning Tuesday. In a statement, the UK’s National Cyber Security Center (NCSC) and the U.S. Cyber Security and Infrastructure Security Agency (CISA) said the hackers had targeted drug companies, research organizations and local governments.
The NCSC and CISA have not said which countries were responsible for attacks. But an American official and a British official said the warning was in response to attempts by hackers to suspect Chinese and Iranian hackers, as well as to a number of Russian activities. The two officials spoke on condition of anonymity to discuss non-public details of the warning. Tehran, Beijing and Moscow have all repeatedly denied conducting cyber-offensive operations and say they are victims of such attacks themselves.
State hacking groups “often target organizations to collect large amounts of personal information, intellectual property and intelligence consistent with national priorities,” said the NCSC and CISA. “For example, actors may attempt to obtain information about national and international health care policies or to obtain sensitive data on COVID-19 related research.”
The warning follows the efforts of many state-backed hackers to compromise governments, companies and health authorities in search of information about the new disease and attempts to combat it. In recent weeks, Reuters reported that hackers linked to Vietnam had called on the Chinese government to address the coronavirus outbreak and that several groups, some linked to Iran, were attempting to break into the World Health Organization.
The officials said the warning was not caused by a specific incident or compromise, but rather was intended as a warning – both to the attackers and to the targeted organizations that need to defend themselves better. “These are organizations that would not normally see themselves as targets of nation-states, and they should understand that they are now,” said one official.
The agencies said hackers had been seen attempting to identify and exploit security vulnerabilities caused by staff working from home as a result of the coronavirus outbreak. In other incidents, the attackers repeatedly tried to compromise accounts with a series of commonly used and frequently used passwords – a technique known as “password spraying”.
“It is no surprise that bad actors are currently doing bad things, particularly targeting organizations that support COVID-19 response efforts,” said a CISA spokesperson. & # 39; We see that they use several proven techniques to access accounts and compromised credentials. & # 39;
