Tag Archives: cyberspying

Washington Accuses Beijing Of Hacking US Covid-19 Research

THE US CYBERSECURITY and Infrastructure Security Agency (CISA) is warning US universities and researchers at pharmaceutical and healthcare firms of attempts by what it says are Chinese state-affiliated hackers to steal coronavirus research.

According to an alert the agency put out jointly with the FBI today:

These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research. The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.

That last claim might be a logical stretch. Yet it underlines what would be a potentially significant escalation of US-China tensions, both from the attempt to steal US research while calling for international cooperation in addressing the pandemic, and from how Washington could regard a cyber-attack on public health in terms of its national security and thus what it would consider proportionate retaliation or preemptive strikes.

The published alert is light on operational details and damage caused, but US intelligence officials have been privately briefing that the attacks started in early January and that Iranian actors were doing much the same. Private-sector cybersecurity firms previously identified Gilead Sciences, maker of the antiviral drug remdesivir, a potential Covid-19 treatment, as the target of Iranian hacks.

US intelligence and academic circles take it as a given that Iranian and Chinese (and Russian) hackers have been targeting US biomedical research since long before the coronavirus outbreak started. But a race is now on for the bragging rights as the first country to produce a vaccine against Covid-19, giving impetus to more intense cyber attacks.

Conspiracy theories about where the Covid-19 pandemic started may divide Americans. However, they will readily believe the allegations of these latest hacks. That will give US President Donald Trump scope to attack China again over its handling of the pandemic. Beijing’s public response to the allegations will likely be to play a straight bat and repeat its standard line that it opposes all cyber espionage.

Today’s CISA alert also provides some context for Trump’s outburst earlier this week towards a US reporter who asked him why he regarded how the United States was dealing with the pandemic in terms of global competition. He testily replied, ‘that’s a question you should ask China. Don’t ask me, ask China that question, okay?’ before prematurely ending the press conference.

Filed under China-U.S.

China-Based CyberSpy Ring Hacks Asian Governments

Canadian researchers say they have uncovered a global cyberspy network that snoops into government computers and is based mainly in China. The researchers say they have no evidence Beijing is behind the ring, and authorities have denied it, too. But their report is bound to stir up old suspicions, especially as it was prompted by a request from the Dalai Lama to check whether the computers of his exiled organization had been hacked.

The subsequent 10-month investigation by Information Warfare Monitor, which comprises researchers from Ottawa-based think tank SecDev Group and the University of Toronto’s Munk Centre for International Studies, found that 1,295 computers in 103 countries had been infiltrated, including machines in the foreign ministries of eight countries and various embassies of 11 more. The cyberattacks were mainly against Asian governments. Computers of international organizations, non-government organizations and news media were also hacked, the researchers say.

The cyberspies were able to take control of compromised computers and to send and receive classified data from them, creating a surveillance system the researchers dubbed GhostNet after the gh0st RAT trojan horse malware that was used, and which they traced back to commercial internet access accounts located on Hainan Island.

From the IWM report:

While our analysis reveals that numerous politically sensitive and high value computer systems were compromised in ways that circumstantially point to China as the culprit, we do not know the exact motivation or the identity of the attacker(s), or how to accurately characterize this network of infections as a whole. One of the characteristics of cyber-attacks of the sort we document here is the ease by which attribution can be obscured.

Regardless of who or what is ultimately in control of GhostNet, it is the capabilities of exploitation, and the strategic intelligence that can be harvested from it, which matters most. Indeed, although the Achilles’ heel of the GhostNet system allowed us to monitor and document its far-reaching network of infiltration, we can safely hypothesize that it is neither the first nor the only one of its kind.


Filed under Politics & Society