Updated: Feb 9, 2021
WASHINGTON - For months, U.S. officials have been warning about a spike in cyberattacks during the coronavirus pandemic, but they’ve stopped short of pointing fingers at any one country. Now, as the all-out global race for a coronavirus vaccine accelerates and hackers home in on related scientific research, U.S. officials are preparing to single out a long-standing cyber adversary: China. In a joint warning slated for the coming days, the FBI and the Department of Homeland Security reportedly plan to publicly accuse China of seeking to pilfer U.S. research related to coronavirus vaccines, treatments and tests.
Tab Bradshaw, COO of Redpoint Cybersecurity and a member of the Department of Homeland Security’s advanced information sharing working group, confirmed the planned warning in an interview Monday. “I think it’s what should be happening,” Bradshaw told VOA. “It’s a political move to call out the Chinese Communist government and to state to the world that they’re actively trying to steal U.S. technology.” The FBI did not have a comment. DHS did not respond to a request for comment.
The U.S. has long branded China along with Russia, North Korea and Iran as a major source of cyberattacks, accusing Beijing of pilfering U.S. intellectual property in a bid to gain a competitive edge over the United States.
“What else is new with China? Tell me,” President Donald Trump said during a White House press briefing when asked about the report of alleged Chinese theft of vaccine research.
Publicly accusing China of seeking to steal proprietary research related to COVID-19 vaccines is likely to exacerbate tensions between Beijing and Washington as the Trump administration continues to pin the blame for the pandemic on China where it originated, and for failing to act quickly enough to warn other countries and block the spread of the coronavirus.
The FBI-DHS warning comes on the heels of a joint alert issued last week by U.S. and British cyber officials. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Britain’s National Cyber Security Center said they were investigating a number of incidents involving pharmaceutical companies, medical research organizations and universities.
“Organizations involved in COVID-19-related research are attractive targets for … [hackers] looking to obtain information for their domestic research efforts into COVID-19-related medicine,” the agencies said in a statement.
The feverish search for a COVID-19 vaccine is taking place in several countries around the globe. The World Health Organization (WHO) is currently tracking eight vaccines in the clinical evaluation phase, including two in the United States and four in China. That is on top of at least 100 vaccine candidates in the preclinical evaluation stage around the world.
For China, the ability to rapidly manufacture a successful vaccine is as much about gaining a geopolitical edge over the U.S. as promoting public health, officials say.
“It’s of great importance not just from a commercial value but whatever countries, company or research lab develops that vaccine first and is able to produce it is going to have a significant geopolitical success story,” John Demers, the Justice Department’s top national security official, said last month.
Given China’s decades-long history of intellectual property theft, the notion that Beijing might be trying to steal research related to coronavirus vaccines and treatments is not far-fetched, Demers said.
“It would be beyond absurd to think well, the Chinese, they care about all this other stuff, but this they’re going to lay off,” Demers said.
Cyberattacks traced to China and other countries picked up pace following the coronavirus outbreak, with ransomware operations seeing a big uptick.
A Chinese cyber espionage group known as APT-41 has long-targeted research universities and is “getting a lot of attention right now because of COVID-19,” Bradshaw said.
In January, hackers tied to the Chinese government attacked health care providers and companies in other sectors, according to cybersecurity firm FireEye. FireEye called it “one of the most widespread campaigns we have seen from China-nexus espionage actors in recent years.”
China is not the only country involved in cyberattacks during the pandemic. Google’s Threat Assessment Group has identified more than a dozen groups of government-backed hackers using COVID-19 themes to gain access to computer networks.
Google did not name the countries, but private sector cybersecurity firms have identified several state actors.
From January to April, Vietnamese hackers launched cyberattacks on Chinese targets in order to collect intelligence on the coronavirus crisis, FireEye reported last month.
In April, Iranian hackers reportedly launched an attack on Gilead Sciences, the maker of remdesivir, the drug recently approved by FDA as a treatment for COVID-19. While the attacks have involved a wide range of activities — from criminals targeting Italian financial institutions to North Korean hackers targeting organizations in South Korea — vaccine and treatment research remains a favorite target of state-sponsored actors “There is nothing more valuable today than biomedical research relating to vaccines for treatments for the coronavirus,” Demers said.