FBI, CISA Allege China Conducts Coronavirus Espionage


The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have accused China of conducting an espionage campaign to steal intellectual property from U.S. researchers involved in coronavirus (Covid-19) vaccine development.

In an advisory, U.S. authorities claim Chinese state-backed hackers are seeking “valuable intellectual property and public health data through illicit means related to vaccines, treatments and testing,” an official told the New York Times ahead of the advisory's release.

The actual FBI advisory has since surfaced here.

Chinese officials have accused the U.S. of engaging in “rumor mongering without presenting any evidence,” claiming that China is leading Covid-19 research and vaccine development. It's possible, of course, that vaccine development and cyber intellectual property theft could run concurrently, with the latter possibly supporting the former. But no matter, the battle lines are being drawn.

Last week, the U.S. and U.K. cyber agencies warned that sophisticated hackers are “actively targeting” healthcare entities, pharmaceuticals, local governments, medical researchers and academics working to blunt the pandemic. DHS’ Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre (NCSC) said advanced persistent threat (APT) actors are probing for Covid-19 intellectual property on national and international healthcare policy along with sensitive research data.

Both policy and research data carry high nation-state and commercial value. “CISA has prioritized our cybersecurity services to healthcare and private organizations that provide medical support services and supplies in a concerted effort to prevent incidents and enable them to focus on their response to Covid-19,” Bryan Ware, CISA assistant director of cybersecurity, said last week.

Organizations involved in Covid-19-related research are especially attractive targets for APT actors looking to obtain information for their domestic research efforts into the contagion. Hackers often target inadequately fortified weak links in the supply chains of those operations rather than zeroing in on entities with stronger defenses. CISA and NCSC have said they have seen APT actors scanning the external websites of targeted companies and looking for weaknesses from unpatched software.

It's hardly surprising that potentially debilitating nation-state cyber crime on Covid-19 intellectual property is making the rounds. There's gazillions to be made by the first country to find an effective and safe vaccine to arrest the global crisis. Online crimes reported to the FBI's Internet Crime Complaint Center (IC3) have roughly quadrupled since the coronavirus (Covid-19) pandemic, spiking from 1,000 daily before the pandemic to more than 4,000 incidents in a day, officials recently said. Hackers are especially going after outfits that have publicly identified themselves as working on Covid-19-related research, the federal law enforcement agency said. While it’s not uncommon for nation state hackers to target the biopharmaceutical industry, the forays have gained steam in the crisis, authorities said.

A number of examples have surfaced in the last two months. In March, ransomware hackers hit 10x Genomics, a Pleasanton, California-based biotechnology research facility working to understand the human body’s immune response to speed development of a Covid-19 vaccine.

While the earlier U.S./U.K. joint alert did not point to any specific countries as responsible for intellectual property theft, the upcoming one is said to spring from the White House's continued drum beat that Covid-19 was developed in a Chinese lab, the public charge repeatedly whipped up by U.S. Secretary of State Mike Pompeo. Other authorities, including Gen. Mark Milley, Chairman of the Joint Chiefs of Staff, have maintained that no “conclusive evidence,” exists to support that claim, the Times reported. Anthony Fauci, the head of the National Institute of Allergy and Infectious Diseases, similarly believes the virus occurred in the wild.

“China’s long history of bad behavior in cyberspace is well documented, so it shouldn’t surprise anyone they are going after the critical organizations involved in the nation’s response to the Covid-19 pandemic,” Christopher Krebs, CISA director, told the Times.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.