The US and UK are investigating hacking incidents against pharmaceutical companies, medical groups and universities involved in research related to the coronavirus.
“Advanced Persistent Threat” groups, a term that refers to sophisticated hackers who are typically backed by a nation-state, are “actively targeting organizations involved in both national and international Covid-19 responses,” according to a joint alert from the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the UK’s National Cyber Security Centre.
The APT hackers “may seek to obtain intelligence on national and international health-care policy, or acquire sensitive data on Covid-19-related research,” according to the alert, which was released Tuesday. The APT groups, or which government supported them, weren’t identified.
The joint warning comes as hackers have increased attempted cyber-attacks amid the ongoing pandemic. Cyber criminals have attacked hospitals with ransomware, and suspected nation-state actors have targeted World Health Organization officials. Hackers have also sought to capitalize on the pandemic, by using lures related to the crisis in “phishing” emails and espionage campaigns.
The APT groups “frequently target organizations in order to collect bulk personal information, intellectual property, and intelligence that aligns with national priorities,” the alert said. Organizations that play a role in research related to the coronavirus are “attractive targets” for hackers “looking to obtain information for their domestic research efforts into Covid-19-related medicine.”
The alert warned that hackers use a technique called “password spraying” to breach computer networks, essentially trying common passwords against large number of accounts. “This technique allows the attacker to remain undetected by avoiding rapid or frequent account lockouts,” the alert said. “These attacks are successful because, for any given large set of users, there will likely be some with common passwords.”