WASHINGTON — The U.S. government issued a stark and unusual warning Wednesday asserting that China’s efforts to hack health care and pharmaceutical companies pose a “significant threat” to the nation’s response to the coronavirus pandemic.
In a joint statement, the FBI and the Department of Homeland Security’s cybersecurity agency disclosed that FBI is investigating “the targeting and compromise of U.S. organizations conducting COVID-19-related research” by the Chinese military and other Chinese hackers.
“These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research,” the statement said. “The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.”
The FBI urged organizations who suspect suspicious activity to contact their local FBI field office. DHS’s Cybersecurity and Infrastructure Security Agency, known as CISA, said it would release technical details about the malicious attacks in the coming days.
“The reason we are calling out China in particular now is just because the scale has really amped up,” a senior FBI official told NBC News, adding that China had stepped up cyber theft “at this moment of national crisis.”
Notably absent from the announcement, however, was any indication of what steps the Trump administration plans to take to thwart or deter Chinese hacking, a problem that has bedeviled American and European governments and companies for decades. In 2012, the then-director of the U.S. National Security Agency called Chinese economic espionage “the greatest transfer of wealth in history.”
A senior administration official told NBC News that U.S. Cyber Command, the military agency authorized to conduct offensive cyber action, is taking steps to stop state-sponsored Chinese cyber attacks when possible, but the official said the details are classified.
NBC News has previously reported that under Gen. Paul Nakasone, Cyber Command has stepped up its secret hacking of foreign computer networks in an effort to keep China, Russia, Iran and other adversaries on their heels, using terms such as “persistent engagement” and “defending forward” to describe the activity. Key questions remain unanswered, including whether American military hackers would respond offensively to disable or punish Chinese cyber attacks on private U.S. companies.
On May 6, the U.K.’s National Cyber Security Centre and the U.S. DHS updated their joint April 8 warning to hospitals and other medical institutions, saying hackers “may seek to obtain intelligence on national and international health care policy or acquire sensitive data on COVID-19 related research.”
One tactic cyberattackers are now using against health care institutions is known as “password spraying,” according to the advisory. The technique uses a single common word over many users on one network, in the hope that at least one account will be penetrated. The advisory also said outside contractors with access to medical information and research are often targeted.