Federal investigators are looking into the "targeting and compromise of U.S. organizations" researching COVID-19 by cybercriminals "affiliated" with the Chinese government, the FBI and DHS' cyber arm, the Cybersecurity and Infrastructure Security Agency, said in a joint alert.
"These actors have been observed attempting to identify and illicitly obtain valuable intellectual property and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research," the agencies said in the alert. "The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options."
U.S. officials did not provide any details on which organizations had been compromised or targeted or proof that the Chinese government had ordered the attacks, saying only that the FBI is investigating. But the authorities — saying they aimed to "raise awareness" of the issue — urged U.S.-based organizations involved in COVID-19-related research to be vigilant about cybersecurity, including by quickly patching known security vulnerabilities in their networks.
Organizations researching potential vaccines or treatments for the coronavirus should assume that any press reports linking them to the pandemic response "will lead to increased interest and cyber activity," the FBI and CISA warned. Potential targets should also be routinely scanning their systems for signs of unauthorized access and reporting "information concerning suspicious or criminal activity" to their local FBI field office, officials said.
Wednesday's alert comes as COVID-19 has brought with it a rise in cyberattacks, with industry experts pointing to the health care ecosystem as an obvious target.
Both Microsoft Corp. and Interpol have advised hospitals to be on the lookout for cybercriminals attempting to hold them hostage with ransomware attacks. And in March, the U.S. Department of Health and Human Services investigated a suspicious spike in activity on its network, in what security officials called a "cyber incident" that did not disrupt the agency's pandemic response.
U.S. officials have also, increasingly in recent years, publicly accused the country's adversaries — including not just China but also Russia, North Korea and Iran — of supporting cyberattacks on American institutions, either directly or in more subtle ways.
In 2015, President Barack Obama and Chinese President Xi Jinping reached a detente in which both countries agreed not to target the other's private businesses through cyberattacks for economic gain. But that agreement appears to have fallen apart, with the U.S. government, for example, accusing Beijing in December 2018 of orchestrating sweeping campaigns to loot sensitive data from American companies.
And in February, U.S. Attorney General William Barr publicly pointed the finger at the Chinese military for perhaps its most wide-reaching alleged cyberattack yet: hacking credit bureau Equifax to steal Social Security numbers and other personal data on nearly half of all Americans.
--Editing by Jay Jackson Jr.
For a reprint of this article, please contact reprints@law360.com.