Law360 is providing free access to its coronavirus coverage to make sure all members of the legal community have accurate information in this time of uncertainty and change. Use the form below to sign up for any of our weekly newsletters. Signing up for any of our section newsletters will opt you in to the weekly Coronavirus briefing.
Sign up for our Aerospace & Defense newsletter
You must correct or enter the following before you can sign up:
Thank You!
Law360 (May 13, 2020, 9:00 PM EDT) -- The FBI and U.S. Department of Homeland Security warned Wednesday that hackers backed by the Chinese government are aiming to steal American research on vaccines and treatments for the COVID-19 virus, part of a spike in cybersecurity threats during the pandemic.
Federal investigators are looking into the "targeting and compromise of U.S. organizations" researching COVID-19 by cybercriminals "affiliated" with the Chinese government, the FBI and DHS' cyber arm, the Cybersecurity and Infrastructure Security Agency, said in a joint alert.
"These actors have been observed attempting to identify and illicitly obtain valuable intellectual property and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research," the agencies said in the alert. "The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options."
U.S. officials did not provide any details on which organizations had been compromised or targeted or proof that the Chinese government had ordered the attacks, saying only that the FBI is investigating. But the authorities — saying they aimed to "raise awareness" of the issue — urged U.S.-based organizations involved in COVID-19-related research to be vigilant about cybersecurity, including by quickly patching known security vulnerabilities in their networks.
Organizations researching potential vaccines or treatments for the coronavirus should assume that any press reports linking them to the pandemic response "will lead to increased interest and cyber activity," the FBI and CISA warned. Potential targets should also be routinely scanning their systems for signs of unauthorized access and reporting "information concerning suspicious or criminal activity" to their local FBI field office, officials said.
Wednesday's alert comes as COVID-19 has brought with it a rise in cyberattacks, with industry experts pointing to the health care ecosystem as an obvious target.
Both Microsoft Corp. and Interpol have advised hospitals to be on the lookout for cybercriminals attempting to hold them hostage with ransomware attacks. And in March, the U.S. Department of Health and Human Services investigated a suspicious spike in activity on its network, in what security officials called a "cyber incident" that did not disrupt the agency's pandemic response.
U.S. officials have also, increasingly in recent years, publicly accused the country's adversaries — including not just China but also Russia, North Korea and Iran — of supporting cyberattacks on American institutions, either directly or in more subtle ways.
In 2015, President Barack Obama and Chinese President Xi Jinping reached a detente in which both countries agreed not to target the other's private businesses through cyberattacks for economic gain. But that agreement appears to have fallen apart, with the U.S. government, for example, accusing Beijing in December 2018 of orchestrating sweeping campaigns to loot sensitive data from American companies.
And in February, U.S. Attorney General William Barr publicly pointed the finger at the Chinese military for perhaps its most wide-reaching alleged cyberattack yet: hacking credit bureau Equifax to steal Social Security numbers and other personal data on nearly half of all Americans.
--Editing by Jay Jackson Jr.
For a reprint of this article, please contact reprints@law360.com.
