Vaccine Research 'Fair Game for Cyber-Spies,' Expert Warns After Chinese Hackers Tied to Moderna Attack

As long as scientists researching a COVID-19 vaccine, cyber-espionage groups will be hunting for ways to steal it, experts say.

Reacting to a Reuters report identifying biotechnology company Moderna as a victim of a Chinese-backed hack back in January, likely intended to steal virus research secrets, cybersecurity experts told Newsweek the threat of hacking is ever-present.

"The targeting of pharmaceutical research is not something new for state-sponsored hackers and I'm afraid cases like this are considered fair game for cyber-spies," Stefan Tanase, an intelligence expert at CSIS Security Group, told Newsweek.

"What we're witnessing right now is a direct result of the current global situation, where there's an ongoing race to discover an efficient vaccine against COVID-19."

Tanase elaborated: "This race has led multiple state-sponsored hacking groups to ramp up their operations targeting the pharmaceutical industry. We shouldn't be surprised these attacks are happening. What would be surprising is if they stopped."

The news that Moderna was in the crosshairs of Chinese-backed hackers came after British Intelligence warned that a notorious Russian group known as APT29, or Cozy Bear, was attempting to infiltrate and steal data on vaccine research.

Massachusetts-based Moderna is one U.S. company hard at work to develop a viable treatment for a novel coronavirus, which has been linked to more than 152,000 deaths in the U.S. Its COVID-19 vaccine candidate is known as mRNA-1273.

Citing a U.S. security official, Reuters confirmed that Moderna was one of three groups referenced in an indictment unsealed by the Department of Justice last week, which accused two Chinese hackers of a series of cyberattacks dating back a decade.

Federal prosecutors revealed an 11-count indictment naming two suspected hackers, Lo Xiaoyu, 34 and Dong Jiazhi, 33, as having links to a Chinese intelligence agency, the Ministry of State Security, but also working for their own financial gain.

The DoJ noted the hackers recently "probed for vulnerabilities in computer networks of companies developing COVID-19 vaccines, testing technology, and treatments." It was not immediately clear if the activity was explicitly ordered by the government.

Reuters noted two additional companies matched the description of additional victims of the reconnaissance mission: Gilead Sciences Inc and Novavax Inc.

"It's certainly consistent with state activity," Robert Pritchard, a cybersecurity specialist who previously held roles in the U.K. government, told Newsweek.

"We don't really have good visibility of the interior workings of the Chinese intelligence apparatus, so it's hard for us as observers to know who has the lead. The MSS is huge and it doesn't seem unreasonable they would be the lead collection agency.

"I think this is part of a trend that has been ongoing for much longer than COVID-19. I would expect a lot of pharma and biotechnology companies are pretty familiar with the threat of cyber espionage, especially from Chinese threat actors."

"It's not a new activity and is a routine way of meeting intelligence requirements—clearly right now anyone who looks like they might be ahead of the game when it comes to a COVID-19 vaccine is going to have an edge others want to get," Pritchard added.

A spokesperson for China's Ministry of Foreign Affairs, Wang Wenbin, today rejected the accusation that hackers were working on the state's behalf as "baseless".

"We... do not nor need to engage in theft to achieve this leading position," Wang said during a press conference, asserting that China is leading vaccine development.

Announcing the indictment last Tuesday, U.S. Attorney William Hyslop said the named hackers had "operated from China both for their own gain and with the assistance and for the benefit of the Chinese government's Ministry of State Security."

Sean Wright, an independent cybersecurity researcher, told Newsweek that it would be difficult to prove government involvement based on the public information, suggesting cybercriminals could also be hunting COVID-19 research for financial gain.

"These governments will try their best to distance themselves. So I doubt there will ever be any concrete evidence to show the government's involvement," he said.

"I don't think it is at all surprising given what's at stake. We have the world pandemic, which has cost dearly. Hopes are pinned on a vaccine as a way to get back to normality and try to start the effort of recovery. So whoever develops this vaccine will be very popular as well as potentially standing to make a tremendous amount of money."

Federal officials said the hackers responsible had been "conducting reconnaissance" on the researchers' computer networks, indicating no data was exfiltrated.

Moderna spokesperson Ray Jordan told Reuters the company remains "highly vigilant to potential cybersecurity threats" and has "good working relationships with outside authorities to continuously assess threats and protect our valuable information."

Novel coronavirus vaccine candidate
This picture taken on May 23, 2020 shows a laboratory technician holding a tray with doses of a COVID-19 novel coronavirus vaccine candidate ready for trial on monkeys at the National Primate Research Center of Thailand at Chulalongkorn University in Saraburi. MLADEN ANTONOV/AFP/Getty