03/02/2021 / By Arsenio Toledo
“Portuguese-speaking” South American hackers have targeted the biomedical systems in a laboratory in the University of Oxford that is conducting research on the Wuhan coronavirus (COVID-19).
Officials from Oxford confirmed that its Division of Structural Biology, known as Strubi, was targeted by a cyber attack sometime in mid-February. The university was quick to point out that, while Strubi was researching the coronavirus, it was distinct from the Jenner Institute, the laboratory that developed the coronavirus vaccine in partnership with pharmaceutical company AstraZeneca.
Oxford was alerted to the breach in Strubi when screenshots of the attack were discovered inside the lab’s network. The hackers left these screenshots in one of their “poorly secured servers.”
The screenshots showed what appeared to be possible laboratory machines, one of which had the ability to “control pumps and pressure.” These controls, which ran on the Microsoft Windows operating system, had timestamps that showed the hackers infiltrated the lab between Feb. 13 and Feb. 14.
Alex Holden, the founder of Hold Security, a cybersecurity company based in Wisconsin, told Reuters that the hackers are “Portuguese speakers operating out of South America,” which means they are most likely from Brazil.
Holden’s firm was able to monitor the hackers’ online discussions, and found out that they were “criminally motivated.” Some of their conversations involved references to ransomware and demands for monetary payouts.
Holden refused to discuss any other possible leads regarding the identity of the hackers.
“There has been no impact on any clinical research, as this is not conducted in the affected area,” said the Oxford spokesman.
“We have identified and contained the problem and are now investigating further,” he added.
The National Cyber Security Center (NCSC) of the Government Communication Headquarters, the United Kingdom’s intelligence and security agency, was immediately alerted to the situation and signed on to aid in the university’s investigation.
The university has refused to name which specific facility in Strubi was affected by the cyber attack. The NCSC has refused to comment on the investigation, only saying that it was “working to fully understand [the cyber attack’s] impact.”
Alan Woodward, professor and cybersecurity expert at the University of Surrey, believes the hackers were searching Oxford’s servers for data regarding the virus or the vaccine.
“As the attackers were selling access, it suggests it was probably not a nation-state but a group who thought nation-states or those working on valuable intellectual property might pay for,” said Woodward.
Many vaccine research organizations and government health agencies have been targeted by cyberattacks since the beginning of the coronavirus pandemic. Many of these hacking circles are scrambling to secure the latest information regarding the development of vaccines and other coronavirus medication. (Related: Vaccine data from Pfizer and BioNTech possibly stolen in cyberattack against EU medicine regulation agency.)
Some of these hacking circles are potentially government-sponsored. The intelligence service of South Korea believes it was recently targeted by North Korean hackers who attempted to steal information about the coronavirus vaccines and treatments.
South Korea’s National Intelligence Service informed the country’s parliament that North Korean hackers attempted to obtain information regarding the vaccine technology. While the NIS refuses to name which specific pharmaceutical corporation was targeted, Member of Parliament Ha Tae-keung told reporters that the hackers went after Pfizer’s vaccine data.
“North Korea stole Pfizer [vaccine information] and attempted to steal [technology] from South Korean vaccine and pharmaceutical firms,” said Ha during a call with the Associated Press.
Kwon Bo-young, Pfizer’s public relations manager in its South Korean office, said in a message that the division was double-checking Ha’s claim with the global headquarters in New York City.
A spokesperson for North Korea has denied the country’s involvement. But the nation has been linked to many previous and prominent cyberattacks in recent years, including a 2013 attack that paralyzed South Korean financial institutions, a 2014 attack against Sony Pictures and a 2017 worldwide malware attack.
North Korea has a strong motivation to acquire information regarding coronavirus vaccines and coronavirus-related technology. The communist country’s healthcare system is crumbling, and many experts are very skeptical of the nation’s claim that it does not have any coronavirus cases.
North Korea is expected to receive nearly two million doses of an Indian-manufactured coronavirus vaccine during the first half of the year.
Learn more about the race to procure coronavirus vaccines, and the organizations desperate enough to try and steal information about them by reading the latest articles at Vaccines.news.
Sources include:
Tagged Under: AstraZeneca, coronavirus, coronavirus vaccine, covid-19, cyber warfare, cyberattack, cybersecurity, hack, hackers, North Korea, Oxford, Pfizer, South Korea, vaccine data, vaccine development, vaccine research
COPYRIGHT © 2017 CYBER WAR NEWS