WASHINGTON — The U.S. government issued a stark and unusual warning Wednesday asserting that China's efforts to hack health care and pharmaceutical companies pose a "significant threat" to the nation's response to the coronavirus pandemic.
In a joint statement, the FBI and the Department of Homeland Security's cybersecurity agency disclosed that the FBI is investigating "the targeting and compromise of U.S. organizations conducting COVID-19-related research" by the Chinese military and other Chinese hackers.
"These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research," the statement said. "The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options."
The FBI urged organizations that suspect suspicious activity to contact their local FBI field office. DHS's Cybersecurity and Infrastructure Security Agency, known as CISA, said it would release technical details about the malicious attacks in the coming days.
"The reason we are calling out China in particular now is just because the scale has really amped up," a senior FBI official told NBC News, adding that China had stepped up cyber theft "at this moment of national crisis."
China is rushing to be first to develop a coronavirus vaccine, said John Demers, the Justice Department's assistant attorney general for national security.
"China has long engaged in the theft of biomedical research, and COVID-19 research is the field’s Holy Grail right now," he said. "While its commercial value is of importance, the geopolitical significance of being the first to develop a treatment or vaccine means the Chinese will try to use every tool — both cyber intrusions and insiders — to get it. These actions underscore how China has chosen not to work together to combat this disease. This is sad."
Bryan Ware, CISA’s assistant director for cybersecurity, said in a webinar last week that based on classified intelligence collection, "We are seeing a significant increase in espionage activities against vaccine research development. Directed at pharmaceutical companies, directed at laboratories, directed at R&D centers and universities and elsewhere."
He added, "Every country in the world has a national interest in getting that vaccine or antivirals or medications the soonest, the fastest, and should be expected to use all of their espionage resources to steal what they can from the United States."
Notably absent from the announcement, however, was any indication of what steps the Trump administration plans to take to thwart or deter Chinese hacking, a problem that has bedeviled American and European governments and companies for decades. In 2012, the then-director of the U.S. National Security Agency called Chinese economic espionage "the greatest transfer of wealth in history."
A senior administration official told NBC News that U.S. Cyber Command, the military agency authorized to conduct offensive cyber action, is taking steps to stop state-sponsored Chinese cyber attacks when possible, but the official said the details are classified.
NBC News has previously reported that under Gen. Paul Nakasone, Cyber Command has stepped up its secret hacking of foreign computer networks in an effort to keep China, Russia, Iran and other adversaries on their heels, using terms such as "persistent engagement" and "defending forward" to describe the activity. Key questions remain unanswered, including whether American military hackers would respond offensively to disable or punish Chinese cyber attacks on private U.S. companies.
On May 6, the U.K.'s National Cyber Security Centre and the U.S. DHS updated their joint April 8 warning to hospitals and other medical institutions, saying hackers "may seek to obtain intelligence on national and international health care policy or acquire sensitive data on COVID-19 related research."
One tactic cyberattackers are now using against health care institutions is known as "password spraying," according to the advisory. The technique tries a single commonly used password against many user accounts on one network, in the hope that at least one account will be compromised. The advisory also said outside contractors with access to medical information and research are often targeted.
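For defenders, password spraying leaves a recognizable shape in authentication logs: one source failing against many different accounts, with only a try or two per account. The sketch below is an added example, not taken from the advisory or the article; the log format, thresholds, IP addresses and user names are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample auth events (assumed format): ISO time, source IP, user, result
SAMPLE_LOG = """\
2020-05-13T09:00:01 203.0.113.7 alice FAIL
2020-05-13T09:00:04 203.0.113.7 bob FAIL
2020-05-13T09:00:09 203.0.113.7 carol FAIL
2020-05-13T09:00:15 203.0.113.7 dave FAIL
2020-05-13T09:00:21 203.0.113.7 erin SUCCESS
2020-05-13T09:01:00 198.51.100.9 frank FAIL
2020-05-13T09:01:02 198.51.100.9 frank FAIL
2020-05-13T09:01:05 198.51.100.9 frank FAIL
2020-05-13T09:01:07 198.51.100.9 frank FAIL
2020-05-13T09:02:00 192.0.2.44 grace FAIL
2020-05-13T09:02:30 192.0.2.44 grace SUCCESS
"""

EPOCH = datetime(1970, 1, 1)

def parse(log_text):
    """Yield (time, src, user, ok) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, user, result = parts
        yield datetime.fromisoformat(ts), src, user, result == "SUCCESS"

def detect_spray(log_text, min_users=4, max_tries_per_user=2, window_s=600):
    """Flag sources that fail against many accounts, few tries each, per time bucket."""
    fails = defaultdict(lambda: defaultdict(int))  # (src, bucket) -> user -> failures
    wins = defaultdict(set)                        # (src, bucket) -> users logged in
    for ts, src, user, ok in parse(log_text):
        key = (src, int((ts - EPOCH).total_seconds()) // window_s)
        if ok:
            wins[key].add(user)
        else:
            fails[key][user] += 1
    alerts = []
    for key, per_user in fails.items():
        # wide (many accounts) and shallow (few tries each) separates a spray
        # from a brute-force run against one account or an ordinary typo
        if len(per_user) >= min_users and max(per_user.values()) <= max_tries_per_user:
            alerts.append({"src": key[0], "targeted": sorted(per_user),
                           "succeeded": sorted(wins.get(key, set()))})
    return alerts
```

Any account listed under `succeeded` logged in from the spraying source in the same window and is the first candidate for a password reset and session review. Fixed time buckets can split a slow spray across a boundary, so in production the same grouping is usually run over a sliding window.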