Chinese hackers targeted U.S. biotech firms working on coronavirus vaccines and treatments, and other companies around the globe, according to U.S. prosecutors.
The United States Department of Justice (DOJ) charged two hackers on Tuesday, July 21, for breaking into companies for their own profit, as well as at the behest of a Chinese civilian spy agency. The indictment states that the two “researched vulnerabilities in the networks of biotech and other firms publicly known for work on COVID-19 vaccines, treatments, and testing technology.”
Aside from U.S. companies working on coronavirus research, the hackers were also allegedly able to infiltrate a British artificial intelligence firm, a defense contractor in Spain, and a solar energy company in Australia. The hackers allegedly stole hundreds of millions of dollars in trade secrets, intellectual property, and other business information.
The hackers were successful in gaining access to networks by exploiting publicly known software vulnerabilities in web server software that was too new for users to install patches in time, according to the indictment.
The DOJ’s indictment comes less than one week after authorities revealed that Russian hackers targeted coronavirus vaccine research centers in the U.S., the United Kingdom, and Canada. The Russian hacking group, known as APT29, was able to infiltrate systems by conducting basic vulnerability scanning against external IP addresses owned by the various research organizations, according to a joint advisory made by the three countries.
As the race to create a successful coronavirus vaccine continues worldwide, hacking attempts such as these could greatly hinder researchers’ efforts and findings.
About 35 companies and academic institutions are currently searching for a vaccine. Even with these vaccine candidates in the works, experts are still predicting it could take more than a year for a vaccine to become widely available.
