Around the first week of February 2020, a Chinese tech security company called 360 Security Technology reportedly blamed India-based hackers for attacking medical and healthcare organizations. The company told the Global Times that it has evidence that India-based hackers are targeting Chinese medical organizations through a phishing scheme. However, it never provided any evidence to the tabloid. The Chinese company held an Advanced Persistent Threat (APT) group from India responsible. It should be noted that an APT is widely held to be a nation-state or state-sponsored group, which Kaspersky defines as using “…continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period of time, with potentially destructive consequences.”
The Chinese company further accused the APT from India of conducting espionage in the Asian regions of China and Pakistan to obtain research-related information. On a second note, Zhao Gancheng from the Shanghai Institute for International Studies told the Global Times that this may cool the already weak China-India relations and that India has not yet expressed a supportive gesture towards China during the COVID-19 outbreak. Can it be that the Chinese have been playing a victim-card?
Going back a year to 2019, China-based hackers were actively targeting healthcare services around the globe, including India. The state-sponsored Chinese groups APT22 and APT41 have actively spied on healthcare services in past years. US-based cyber security firm FireEye had stated that China-based cyber criminals are stealing and selling data from healthcare research organizations globally, including India. They further mentioned a certain bad actor that goes by the name of “fallensky519” for stealing 6,800,000 records associated with an Indian healthcare website. In early 2019, Chinese cyber espionage actors had reportedly used a malware called “EVILNUGGET” to target a US-based health center. All through the year, Chinese APTs showed immense interest in healthcare organizations all around the globe.
Amidst the ongoing pandemic, FireEye reported that the Chinese group APT41 has carried out broadcast campaigns, and top US national security officials have decided to single out China for carrying it out on the Department of Health and Human Services.
It is to be noted that the highly skilled North Korea-based group Konni (APT37) has expanded its operations in countries like Nepal, India, US, Japan, Vietnam, Russia, China, Kuwait and several other Middle Eastern countries. It has been suspected of working in collaboration with Kimsuky (known to the world as Velvet Chollima), a North Korean threat actor group that was behind the Korea Hydro & Nuclear Power cyber terrorism attacks of 2014. Both Konni and Kimsuky have been found to be extensively active during the COVID-19 pandemic, starting from March 2020, attacking various healthcare services using spear-phishing emails that exploit CVE-2017-0199.
On the 12th and 13th of March 2020, one of the largest COVID-19 testing facilities in the Czech Republic, the Brno University Hospital, was hit by a major cyberattack that led to an immediate computer shutdown. The hospital was reportedly forced to cancel operations and relocate new patients to other hospitals. However, little is known about the attack itself.
Very recently, a report published by Reuters on March 24 announced that elite hackers, who still remain untraced, tried to break into the World Health Organization starting from March 13, 2020. Then, according to the Washington Post, which cited a report from the SITE Intelligence Group, 25,000 email credentials belonging to the World Health Organization (WHO), the Gates Foundation and the US Centers for Disease Control and Prevention (CDC) were finally leaked online in recent days. The report mentioned that they were being used by far-right extremists and hacktivists to spread conspiracy theories regarding the pandemic. WHO has even released an advisory for the public on protecting against potential cyber attacks.