Get all the latest news on coronavirus and more delivered daily to your inbox. Sign up here.
Continue Reading Below
WASHINGTON— Chinese and Iranian hackers are aggressively targeting American universities, pharmaceutical and other health-care firms in a way that could be hampering their efforts to find a vaccine to counter the coronavirus pandemic, U.S. officials said.
Since at least Jan. 3, the two countries have waged cyberattacks against a range of American firms and institutions that are working to find a vaccine for Covid-19, the disease caused by the coronavirus, officials said.
The attacks have raised the prospect among some officials that the aggression could be viewed by the Trump administration as a direct attack on U.S. public health and tantamount to an act of war, they said, because the attacks may have hindered vaccine research in some cases. Such an interpretation would represent an escalation of how the U.S. government views cyberattacks against the country.
The issue has sounded alarms across the government. The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, the cyber wing of the Department of Homeland Security, on Wednesday are expected to issue what officials called a “public service announcement” with respect to China, saying Beijing is sponsoring widespread cyberattacks intended to steal vaccine research. The FBI and DHS declined to comment.
The Trump administration also has collected intelligence that Iran or its proxies separately have been targeting some of the same facilities, according to senior administration officials who declined to provide additional details. One technique Iran has favored is so-called password spraying, a relatively unsophisticated hacking technique that attempts to compromise an organization by rapidly guessing common account-login passwords.
The effects of the attacks on efforts to find a vaccine were hard for U.S. officials to quantify, and they declined to provide evidence or to detail the intelligence on which their assessments are based. Intelligence gleaned by the administration in recent weeks formed the basis of the assessments, officials said.
Administration officials said China was the primary adversary conducting cyberattacks amid the coronavirus outbreak, with its attacks more widespread and frequent.
The attacks themselves have been disruptive, undermining the efforts of American research institutions and firms trying to find a vaccine for Covid-19, officials said. It wasn’t clear if the damage to some of the research was intentional or not, officials said, likening such instances to a house burglar who by cleaning his own fingerprints causes inadvertent damage to the home, officials said.
U.S. officials said that even an errant keystroke by a hacker targeting such health-care facilities could “irreversibly harm” efforts to find a vaccine.
“It is difficult, and sometimes impossible, to know what motivates such malfeasance, but any such activity carries with it the risk of triggering accidental, disruptive effects,” one senior administration official said.
China and Iran historically have denied targeting the U.S. with cyber espionage. Chinese Foreign Ministry spokesman Zhao Lijian said earlier this week China opposed cyberattacks of all forms and was leading in the research for a Covid-19 vaccine and treatment.
“It is immoral for anyone to engage in rumor-mongering without presenting any evidence,” he said in a briefing Monday.
The decision to publicly call out China comes amid a global race to find a vaccine to control the coronavirus outbreak. Securing and producing vaccines in mass quantities could take at least 12 to 18 months, top government scientists have said, but reaching that goal first not only would help restore public health and economic stability, but potentially would hold enormous geopolitical implications.
It is unusual for the U.S. government to formally blame another country for cyber activity so quickly after an attack is identified, given sensitivities around classified intelligence. Wednesday’s alert won’t contain technical information demonstrating how officials have arrived at their conclusion of China’s involvement in coronavirus-related cyber espionage, but such information may be shared with relevant organizations privately, an official said.
Universities and research institutions have long been of interest to Chinese state-sponsored hackers intent on pilfering biomedical advances and gaining access to classified defense projects and other sensitive information. Due to their collaborative nature, they are widely viewed as weak points for hackers to target.
Entities working on biomedical research “were being targeted long before this crisis arose by the Chinese,” said John Hultquist, the director of intelligence analysis at the U.S.-based cybersecurity firm FireEye. Mr. Hultquist said FireEye had seen evidence that Iran and Russia had both targeted U.S. medical research groups during the pandemic, but China may have had a head start.
“China had already recognized the value of these targets,” Mr. Hultquist said. “They are just more invested in targeting them right now. And they’re not alone.”
Among Iran’s recent targets is the pharmaceutical company Gilead Sciences Inc., which has produced the antiviral drug remdesivir that was recently given emergency-use authorization by the Food and Drug Administration as a potential Covid-19 treatment. Reuters previously reported on Iran’s suspected attacks against Gilead.