Hackers Trying to Steal COVID-19 Research from U.S. and U.K. Institutions

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) have exposed malicious cyber campaigns targeting organizations involved in the coronavirus response, in a joint statement released on May 5.
  • The agencies warned that a recent series of government-backed hackers are attacking universities, healthcare organizations, research facilities, pharmaceutical companies and local governments in an effort to steal valuable information about efforts to contain the new coronavirus outbreak including information on vaccine development.
  • The CISA and the NCSC did not say which countries were responsible for the attacks however it is understood that nations including Iran and Russia are behind the hacking attempts. Experts have said China is also a likely perpetrator.
  • Tehran, Beijing and Moscow have all repeatedly denied conducting offensive cyber operations and say they are the victims of such attacks themselves.
  • So far, none of the hacking attempts have been successful.
  • CISA and NCSC stated they “have seen large-scale ‘password spraying’ campaigns against healthcare bodies and medical research organizations.”
  • ‘Password spraying’ is the attempt to access a large number of accounts using commonly known passwords. The agencies recommend taking actionable steps to protect themselves.