State-sponsored hackers from China, Russia, Iran and North Korea are involved in concerted attempts to steal the secrets of the coronavirus vaccine in what security experts describe as “an intellectual property war.”
They accuse hostile state hackers of trying to obtain early trial results and seize sensitive information about mass production of the drugs, at a time when a variety of vaccines are close to being approved for the public.
Previously, the main intention of hackers was to steal the secrets behind the design of a vaccine, with hundreds of pharmaceutical companies, research labs, and health organizations around the world being targeted at any one time.
The cyber fight involves Western intelligence agencies, including Britain’s National Cyber Security Center, who say they are committed to protecting “our most critical assets.” But they discuss only a fraction of their work in public.
Instead, they work behind the scenes with pharmaceutical companies, research labs, and cybersecurity specialists, who find it easier to describe everyday hacking attempts in what amounts to a global battle.
Adam Meyers, senior vice president of intelligence at IT security specialists CrowdStrike, said countries like Russia and China had been engaged in hacking Western companies and agencies “for the last 20 years,” but since March “they had focused on a topic,” referring to Covid-19.
“What you are seeing here is the last stage of a long-running intellectual property war, but in which there is much more at stake for those involved. This has become a source of national pride: who can develop vaccines first.”
However, Western governments remain reluctant to point the finger of blame in all cases of hacker attacks for fear of diplomatic repercussions, and the UK, for example, is particularly cautious in blaming China.
All the accused countries deny their involvement in hacking. Russia has said it is “not aware” of hacker attempts, while China has argued that its vaccine research is so advanced that it “has no need to steal what others are doing.” Iran denies having participated in a cyber war.
Public and private sector experts argue otherwise, saying that state-sponsored hacker groups often have ties to spy or defense agencies. Earlier this year, the UK’s National Cyber Security Center said that Covid vaccine research labs were under attack in the UK, US and Canada by Russian Cozy Bear hackers linked to the internal security agency, the FSB.
Western experts add that the attacks come as often from China, Iran and North Korea. In September, Chinese hackers were accused by Spain of stealing Covid research secrets from labs in a “particularly virulent” campaign.
Hackers linked to Iran were charged with trying to steal secrets from the American pharmaceutical company Gilead Research in May. In one case, a fake email login page was used to try to entice a senior executive into giving access to company systems.
British sources indicate that they do not believe that there has been a successful attack on UK targets, although the claim is impossible to prove. It is recognized, however, that some cyberattacks have been successful around the world.
However, the trend has changed, with hackers from hostile states increasingly focusing on the production method and data around the success of testing. It is the type of information that is considered to be of great importance to nation states, as various vaccines are poised for worldwide deployment.
Pharmaceutical companies are often well-resourced and well-defended, but some academic institutions are less well-defended and researchers need to be informed about the risks, security experts said. “Sometimes investigators are quite surprised when you tell them what might happen,” added an IT security specialist.
Typical attacks include “password spraying”, a simple method used particularly by Russian actors, where generic passwords such as “password123” or “2020” followed by a common word are tested on a large number of accounts.
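Seen from the defender's side, the pattern described above (a few passwords tried against many accounts) appears in authentication logs as one source failing against many distinct usernames, each only once or twice. The following is an added example, not part of the original article; the log format, thresholds, addresses and usernames are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not real data): timestamp, source IP, user, result.
SAMPLE_LOG = """\
2020-11-20T09:00:01 203.0.113.7 alice FAIL
2020-11-20T09:00:04 203.0.113.7 bob FAIL
2020-11-20T09:00:09 203.0.113.7 carol FAIL
2020-11-20T09:00:15 203.0.113.7 dave FAIL
2020-11-20T09:00:21 203.0.113.7 erin FAIL
2020-11-20T09:00:30 203.0.113.7 frank OK
2020-11-20T09:01:00 198.51.100.9 alice FAIL
2020-11-20T09:01:05 198.51.100.9 alice FAIL
2020-11-20T09:01:11 198.51.100.9 alice FAIL
2020-11-20T09:02:00 192.0.2.44 bob FAIL
2020-11-20T09:02:10 192.0.2.44 bob OK
"""

def parse(log):
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def detect_spray(log, min_accounts=5, max_per_account=2, window=timedelta(minutes=10)):
    """Flag sources that fail against many distinct accounts inside `window`
    while trying each account only a few times (a spray, not a brute force)."""
    events = defaultdict(list)
    for ts, ip, user, result in parse(log):
        events[ip].append((ts, user, result))
    findings = {}
    for ip, evs in events.items():
        evs.sort()
        fails = [(ts, u) for ts, u, r in evs if r == "FAIL"]
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # slide the window forward
            per_user = defaultdict(int)
            for _, u in fails[start:end + 1]:
                per_user[u] += 1
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                # A success from the same source after the spray began needs urgent review.
                hits = sorted({u for ts, u, r in evs if r == "OK" and ts >= fails[start][0]})
                findings[ip] = {"accounts": sorted(per_user), "successes": hits}
                break
    return findings

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

The repeated failures against a single account from 198.51.100.9 are deliberately not flagged here; that pattern is better handled by per-account lockout than by a spray detector.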
More sophisticated is the use of “spear phishing”: creating personally targeted emails that encourage a person to click on a link, presented as what could be news related to Covid or a message from a would-be recruiter, which installs malware on a company’s system.
At the end of last week, Microsoft said it had detected cyber attacks by “three nation-state actors targeting seven prominent companies” that were directly involved in research on vaccines and treatments for Covid-19.
Two were found to have come from North Korea, which used spear phishing lures. One sent “fabricated job descriptions posing as recruiters” while the second tried to entice researchers “while posing as a representative of the World Health Organization,” according to Tom Burt, corporate vice president.
Actors linked to China have also attempted to recruit people via LinkedIn, usually posing as a young Anglican woman with a Western name and a Chinese surname, targeting older men. The hackers pose as recruiters and try to start a dialogue, gaining more information that could lead to a phishing attack.
However, the tactics employed by criminal gangs, which often threaten to paralyze a company’s systems or encrypt corporate data and demand money to restore it in a ransomware attack, are absent. There is also no evidence of a black market in vaccine secrets.
Jamie Collier, a cyberthreat intelligence consultant at IT security firm FireEye Mandiant, said that at the state level the focus is “information theft, data exfiltration” in attacks that develop gradually in several phases once entry into a system is achieved. “We don’t see state actors displaying a destructive element,” he added.
Martin McKee, a professor of public health at the London School of Hygiene and Tropical Medicine, said he wondered why some states tried to steal vaccine secrets given that so much information about Covid research was made public.
But he acknowledged that some countries highly valued the development of hacking capabilities and liked to put them to use. “A plausible interpretation is that these people do it simply because they can,” he added.
Digsmak is a news publisher with over 12 years of reporting experience and has published in many industry-leading publications and news sites.