US-British Joint Alert: Hackers Target Coronary Disease Research Institute


The United States and the United Kingdom are investigating hacking incidents involving pharmaceutical companies, medical groups and universities involved in 2019 coronavirus disease (COVID-19) related research.

Bloomberg reported that a joint alert from the US Department of Homeland Security ’s Cybersecurity and Infrastructure Security Agency and the UK ’s National Cybersecurity Centre on Tuesday (5th) stated that "Advanced Persistent threat" (APT) groups are " Actively target organizations participating in national and international coronary disease response. " The term APT refers to advanced hackers who are usually supported by nation states.

According to the alert, APT hackers "may seek to obtain intelligence on national and international health policies or obtain sensitive data that changes related research." The alert did not indicate the APT gang or the government behind them.

At the time of the joint US-British alert, hackers increased cyberattack attempts during the new crown epidemic. Cybercriminals used ransomware to attack hospitals, and there were members of the nation-state suspected of targeting WHO officials. The hackers also tried to use the epidemic to exploit the profits and release the bait associated with the crisis through "phishing" emails and espionage.

The alert said that APT gangs “often targeted organizations to collect large amounts of personal information, intellectual property rights, and intelligence related to national priorities.” Organizations involved in coronavirus-related research are “attractive targets”, and hackers “hope to obtain relevant information Information helps medical research related to coronary disease in China. "

The alert stated that hackers used a technique called "password spraying" to destroy computer networks, essentially trying to use common passwords for a large number of accounts. "This technique can avoid fast or frequent account lockouts, thereby preventing attackers from being discovered," the alert said. "These attacks are successful because, for a large user base, someone may always use common passwords."