US Accuses China of COVID-19 Centric Cyberattacks

By Jarren Buendia on July 9, 2020

Executive Summary:

According to multiple OSINT sources, the United States is moving to accuse China of conducting directed cyberattacks against it in response to the current COVID-19 pandemic. The attacks are reportedly targeting COVID-19 treatment and vaccination research. Prior to this joint statement, released by the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS-CISA), the US and UK had released a separate statement in early May alleging that healthcare/government institutions were targeted by foreign cyberattacks (without explicitly naming suspects). As global efforts to address the pandemic continue, it would seem that the rules of engagement for international espionage have shifted. Cyberspace superpowers have reported, and conducted, numerous cyber-activities; however, smaller players have also thrown their hats into the ring. If the accusations are true, then the public announcement that nations are taking jabs at each other sheds light on the issue of selective international cooperation. Additionally, if the US names China as its primary target in accusing countries of COVID-19 intelligence gathering, it has the potential to initiate increasingly deeper cyber-activities against the country, justify policy changes, and attempt to foster nationalist behavior against China.

Open Source Intelligence (OSINT) Details:

As stated above, the US and the UK released a cooperative statement in early May alleging that “health care bodies, pharmaceutical companies, academia, medical research organizations and local governments” were all targets of increased cyberattacks (which have exploded in frequency thanks to COVID-19) (Sanger & Perlroth, 2020). The next week, outlets like the Guardian, Wired, BBC, etc., were reporting that the FBI was moving to directly accuse China of conducting cyber espionage in order to gather intelligence about the US’ COVID-19 research data. The statement reads, “The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options” (Breuninger, Macias, & Stankiewicz, 2020). Additionally, and more directly, “China is seeking valuable intellectual property and public health data through illicit means related to vaccines, treatments and testing” (Sanger & Perlroth, 2020).

However, according to OSINT sources, the US, UK, and China aren’t the only countries involved in these sorts of accusations. As shelter-in-place orders spread across the world, they give malicious actors an opportunity to penetrate generally softer defenses, such as a home network rather than a government/corporate-protected network (Sanger & Perlroth, 2020). Beyond the abrupt shift in working structures, COVID-19 information is itself invaluable. According to the intelligence analysis director of FireEye, John Hultquist, “The prospects for deterrence are dim, because the stakes are very high.” According to the NY Times, Israel has accused Iran of attempting, in late April, to cut off water supplies to Israeli homes (Sanger & Perlroth, 2020). The same article also stated that Iranian hackers attempted to breach the internal network(s) of Gilead Sciences, a prominent organization in COVID-19 treatment research (primarily through its work on the drug remdesivir) (Sanger & Perlroth, 2020). According to the NY Times once more, even nation-state hackers from Vietnam and South Korea, countries not particularly known for their cyber-capabilities, have targeted the World Health Organization (WHO), Chinese officials, Japan, and even the United States (Sanger & Perlroth, 2020).

Potential Impacts:

Firstly, if the allegations are true, this situation brings to light how nations truly see each other. Even in the face of a global pandemic, there are multiple situations at play at all times. If cyber-adversaries compromise proprietary COVID-19 information, the US loses leverage. If the US has a lead in the vaccination department, that edge is lost if someone else knows what the US is hiding. Consider, for example, the US’ 2009 allegations that China stole sensitive data on Lockheed Martin’s F-35 fighter jets (BBC, 2020). If the US isn’t carrying the biggest “fighter jet stick,” it loses both hard and soft power in certain situations. The same can be applied to COVID-19 treatments.

Secondly, while the race to respond to, prevent, and immunize against COVID-19 appears to be at the forefront of the global mindspace, it seems that the rules of international espionage have “changed.” According to a Wired article, while countries may proclaim they are willing to collaborate internationally on finding a vaccine, they are also willing to conduct their own espionage to see what others may not be saying upfront. Jason Healey, a senior research scholar at Columbia University, stated that while the US may be naming China specifically, the FBI/CISA joint statement did not specify that it was on the grounds of gaining a national security or competitive edge. It would appear that they are arguing “norms” (Newman, 2020). The norms that Healey mentions are simply a reference to the generally accepted code of conduct observed during normal espionage activities. While everyone who can do it does, there is still a limit to what is acceptable before it warrants aggression (Newman, 2020). As mentioned above, John Hultquist states that the stakes in this race against COVID-19 are too high to not take this crisis seriously. Thus, although some malicious actors in the past attacked hospitals simply because they were easy targets, too overstretched or lacking the resources to prioritize cybersecurity, we now see an increase in espionage activities conducted against healthcare institutions in response to the global pandemic. Compromising information this important could lead to swift retaliation, which brings us to the US and China.

Relations between the US and China are strained, as evidenced by the F-35 fighter jet allegations, as well as the indictment of four Chinese officers last year (BBC, 2020). With these publicly announced allegations, it would appear that the US has a few goals in mind. The first is legislative justification. According to the NY Times, directly naming China as the perpetrator is part of a broader deterrent strategy that involves US Cyber Command and the National Security Agency (NSA). Per legal authorities issued by President Trump, these entities “have the power to bore deeply into Chinese and other networks to mount proportional counterattacks” (Sanger & Perlroth, 2020). The second is an attempt to foster nationwide, nationalist mindsets against China, similar to the Cold War and the Soviet Union. While some examples, including those not listed here, have been walked back, pushed back, or otherwise received poorly by the general public, they nonetheless occurred. Secretary of State Mike Pompeo stated that there is “enormous evidence” that COVID-19 was created by a Chinese lab in Wuhan (Sanger & Perlroth, 2020). Christopher Krebs, CISA director, stated that “China’s long history of bad behavior in cyberspace is well documented, so it shouldn’t surprise anyone they are going after the critical organizations involved in the nation’s response to the Covid-19 pandemic” (Sanger & Perlroth, 2020). FBI officials have presented largely unclassified briefings at major universities about the threat of spies (Sanger & Perlroth, 2020). Lastly, the joint statement itself indicates that China’s espionage is compromising COVID-19 research and vaccine development, essentially stating that their actions are leading to the deaths of Americans.

Significance:

With regard to significance, there are four main points that follow: decrease in hard/soft power, escalation spiral, nationalism, and attention-shifting. Firstly, decrease in leverage power. It is in any country’s best interest to stack the odds in its favor. When that is the case, it can make the rules and set its demands as high as possible. While this is nothing new, the criticality of the current global pandemic is all-encompassing. If the US can leverage COVID-19 information, the results could be unprecedented. Secondly, escalation spiral. As stated above, the NSA and US Cyber Command have the legal power to conduct proportional counterattacks. Proportional means that retaliation is at least as damaging, penetrative, effective, etc., as the initial attack. However, proportionality is completely relative to the last event. Justification for further and further escalation could be the stepping stones for an all-out cyber conflict between “us” and “them.” Thirdly, nationalism. It is touched upon in the NY Times article, but the way statements, indictments, allegations, and even presidential tweets are worded appears to be fostering nationalist mindsets against China, intentionally or not. While China may not be the only adversary on the government’s radar, justifying proportional counterattacks, changing policies and acceptable boundaries in international espionage, and garnering general support from the public are much easier when the “us vs. them” lines are established. Lastly, attention-shifting. Something that was mentioned above is that South Korea had conducted espionage against the US, an ally. For reasons also mentioned previously, these kinds of actions are in light of the current crisis. Potentially, through continuous charges against, and commentaries about, China victimizing the US, the US is attempting to garner support and goodwill for future (proportional) activities against China.

Sources:

“China hacking poses ‘significant threat’ to US Covid-19 response, says FBI.” 14 May 2020. Retrieved From: theguardian.com. Retrieved: 17 June 2020.

“China-linked hackers are targeting US coronavirus vaccine research, FBI warns.” 13 May 2020. Retrieved From: cnbc.com. Retrieved: 17 June 2020.

“Coronavirus: US accuses China of hacking coronavirus research.” 14 May 2020. Retrieved From: bbc.com. Retrieved: 17 June 2020.

“Hostile states trying to steal coronavirus research, says UK agency.” 03 May 2020. Retrieved From: theguardian.com. Retrieved: 17 June 2020.

“U.S. to Accuse China of Trying to Hack Vaccine Data, as Virus Redirects Cyberattacks.” 10 May 2020. Retrieved From: nytimes.com. Retrieved: 17 June 2020.

“The US Says Chinese Hackers Went Too Far During the Covid-19 Crisis.” 14 May 2020. Retrieved From: wired.com. Retrieved: 17 June 2020.