Coronavirus: Russian and Chinese hackers target US and UK labs

International hackers have targeted coronavirus research labs in the US and UK, cybersecurity agencies have warned.

The US Cybersecurity and Infrastructure Security Agency and the UK’s National Cyber Security Centre say the criminals have been discovered targeting healthcare bodies, particularly those involved in coronavirus response. 

The news comes as countries worldwide remain engaged in a tense race to develop a vaccine. The first country to do so will undoubtedly achieve huge diplomatic and geo-political influence.  

One team at Oxford University has teamed up with a bio-pharmaceutical company and started trials in a bid to unlock the crisis. 

The joint advisory did not name specific countries involved in the hackings but Sky News said the culprits are understood to include China, Russia and Iran. 

The agencies have noted a number of ‘password spraying’ attacks, where hackers attempt to access a large number of accounts using commonly known passwords, targeting healthcare organisations and other medical groups. 

The bodies said they believe criminals were targeting such organisations in the hope of gathering information related to the coronavirus outbreak. 

The two bodies urged healthcare and medical research staff to improve their password security and and implement two-factor authentication on accounts to reduce the possibility of threats. 

Earlier this month the health secretary Matt Hancock signed off on a directive that will give the intelligence service GCHQ access to the NHS’ IT network.  

He said yesterday during a press conference that he did not think it would be necessary to make the vaccine compulsory and that ‘I think that the extent of the public’s reaction to following the lockdown shows that we will be able to achieve very high levels of vaccination without taking that step’.

Speaking at a press conference this afternoon Dominic Raab confirmed that cyberattacks had taken place.

He said: ‘There will always be some that seek to exploit a crisis for their own criminal and hostile ends. 

‘We know that criminals and malicious groups are targeting individuals, businesses and other organisations.

‘That includes groups that are known in the cyber security world as advance persistent threat groups – sophisticated networks of hackers that try to breach security systems.’ 

‘They’re often linked with other state actors, and we expect this kind of predatory criminal behaviour to continue and to evolve over the coming weeks and months ahead, and we’re taking a range of measures to tackle that threat.’

‘We are working with the targets of those potential attacks and others to make sure that they’re aware of the cyber threat’ and that they can take the steps necessary to protect themselves and at the very least mitigate the harm that could be brought against them.’

‘Our teams have identified campaigns targeting healthcare bodies and pharmaceutical companies,’ he added.

Raab said the predatory behaviour will ‘continue to evolve’ and advice will help targets to better defend against cyber attacks from ‘hostile states’ and ‘criminal gangs’.  

The UK will ‘continue to counter those who conduct cyber attacks’, by working with international agencies. 

The country remains determined to ‘defeat’ both coronavirus and those who look to exploit it ‘for their own nefarious ends’, he added. 

Paul Chichester, NCSC director of operations, said: ‘Protecting the healthcare sector is the NCSC’s first and foremost priority at this time, and we’re working closely with the NHS to keep their systems safe.

‘By prioritising any requests for support from health organisations and remaining in close contact with industries involved in the coronavirus response, we can inform them of any malicious activity and take the necessary steps to help them defend against it.

‘But we can’t do this alone, and we recommend healthcare policymakers and researchers take our actionable steps to defend themselves from password-spraying campaigns.’

The NCSC launched its Suspicious Email Reporting Service last month, following a surger in the number of coronavirus-related email scams. 

The service allows the public to forward emails directly to the centre to report suspected scams. More than 25,000 reports were received in the first week and 395 websites were taken down.  

Bryan Ware, CISA assistant director of cybersecurity, said it was prioritising its services to healthcare organisations and other medical groups involved in fighting the coronavirus pandemic, so that those firms can focus on their response to the virus.

‘The trusted and continuous cybersecurity collaboration CISA has with NCSC and industry partners plays a critical role in protecting the public and organisations, specifically during this time as healthcare organisations are working at maximum capacity,’ he said.

The news of possible hacking comes a day after European leaders pledged to raise more than £6.5billion to help develop a coronavirus vaccine and fund research into the diagnosis and treatment of the disease. 

A virtual summit held yesterday was attended by China, Germany, Italy, Japan, Norway, Saudi Arabia and the European Commission, the the US was notably absent, as countries unite in a bid to slow the widespead devastation caused by the virus. 

There have so far been close to 3.6million confirmed cases of cornavirus worldwide and around 252,000 deaths, though the true number is estimated to be much higher. 

The pledging event marks the start of a month-long drive for investment before a Global Vaccine Summit is hosted by the UK on June 4.

In his message to the summit, Boris Johnson said the ‘race to discover the vaccine to defeat this virus is not a competition between countries but the most urgent shared endeavour of our lifetimes’.