US formally accuses China of hacking US entities working on COVID-19 research

The US government has formally accused China today of orchestrating cyber-attacks against US companies working on COVID-19 research.

The accusations were levied in a joint statement issued by the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) and the Federal Bureau of Investigation (FBI).

The two agencies said they’re investigating attacks carried out by “PRC-affiliated cyber actors and non-traditional collectors.”

A non-traditional collector is a term used to describe malicious business partners or employees working inside a targeted organization (aka malicious insiders).

“These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research,” the two agencies said.

“The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.”

The joint statement, besides assigning blame for the recent attacks, is also meant to serve as a warning for other US organizations.

“Assume that press attention affiliating your organization with COVID-19 related research will lead to increased interest and cyber activity,” the US government warned.

In case organizations feel they might be targeted, CISA and the FBI urged them to take preemptive and proactive steps to limit the hackers’ ability to breach their networks by taking a series of steps:

• Patch all systems for critical vulnerabilities, prioritizing timely patching for known vulnerabilities of internet-connected servers and software processing internet data.
• Actively scan web applications for unauthorized access, modification, or anomalous activities.
• Improve credential requirements and require multi-factor authentication.
• Identify and suspend access of users exhibiting unusual activity.

Indicators of compromise specific to various Chinese threat actors are also available on the US-CERT website. The FBI asked organizations who detect intrusions to report the incidents to their local office.

In February, the FBI said it was investigating more than 1,000 cases of intellectual property theft carried out by Chinese actors. Four days later, the US charged Huawei on charges of trade secrets theft.