
Hacking for a Cure: Nation-State Attackers Expand to New Targets

May 19, 2020

Cyber spies around the world are shifting their efforts to targets they previously ignored. Your business may be on their list. Efforts around hacking COVID-19 have spread as rapidly as the disease itself. Any business or government entity that works with trials, treatments, testing, or data analysis around the coronavirus disease should heighten their alert level now. 

It sounds like the premise for a movie. Iranian hackers target a multinational pharmaceutical company hoping to steal the cure for a deadly global pandemic. But it’s not a movie. It’s real life in 2020. And Gilead Sciences, Inc. is not the only entity that needs to be on high alert. Across the world, nation-state attackers are focusing on targets they might typically ignore. The global race for a cure should put all cybersecurity professionals on red alert. 

Nation-state hackers (sometimes known as APTs) are government-sponsored groups. They use cyber attacks to gather information on other countries or high-value corporate targets. They watch military operations, study defense systems, and keep a finger on the cultural pulse of their allies and enemies. Some actively meddle. Russian groups are suspected of launching hybrid attacks that take advantage of both software vulnerabilities and the habits of social media users. Other groups siphon secrets that they use for quieter purposes.

These hacking groups are never explicitly endorsed by their governments, but the world community understands that they are functionaries of their parent countries. China is especially well-known for its cyber spies. But plenty of other nation-states are getting in on the action. 

During the current pandemic, APTs have expanded beyond their typical government and military targets. Now, every organization worldwide that owns data about COVID-19 is threatened. Gilead was an obvious target. They are actively researching treatments for the disease and grabbing headlines for their potential progress.

Vaccine Trial and Treatment Trial Participants

Less obvious targets include universities participating at any level in treatment studies or vaccine trials. And it’s not just the medical center that has to worry. Statisticians and other number crunchers on campus are handling coveted data too. Any information that points toward success or failure in an avenue of treatment should be regarded as a prize for hackers. 

Local Governments & Health Departments

Local governments and health departments are also emerging as data-rich targets. They test thousands of individuals with suspected coronavirus disease. The much-discussed (and needed) practice of contact tracing increases the amount of personally identifiable information (PII) that a health department gathers and maintains. It may not seem like much to the average person, but all that personal info is a worthy target in normal times. Marry the data up with its correlation to disease spread and prevalence, and it’s worth even more.

Hospitals

Hospitals were a popular target for hackers before the pandemic. Now that many are engaged in drug and vaccine trials, they need to beef up their vigilance when it comes to ransomware. Fresenius is Europe’s largest private hospital operator and owner of 40% of the dialysis clinics in the USA. The company was hit with Snake ransomware in late April or early May. The attack appears to be part of a larger effort by the Snake thieves that may still be in the process of ramping up. 

Hospitals are also staffing in new ways during the pandemic. Nurses, doctors, and other providers are being asked to work in unfamiliar departments. They are exhausted and afraid. Their diligence with regard to information security practices may fall off.

Consider, also, the clinicians who have bravely decided to work in “hot zones” where they do not typically practice medicine. They are skilled in their profession but perhaps unfamiliar with the security practices of a new (and temporary) facility. IT and cybersecurity staff in hospitals must develop protocols for these short-term employees. The challenge is to maintain a safe perimeter without overburdening the frontline workforce. 

Hospitals and health departments may be working with new vendors as personal protective equipment and other supplies run low. Cybersecurity in vendor relations remains as important as ever. Carefully consider how payment systems are set up. Remind supply chain staff to be cautious about falsified delivery status messages. And be wary of who is allowed on premises.

WFH

Working from home remains a serious vulnerability for infosec to address. The Iranian hackers that targeted Gilead created a fake remote email login page. Their intended target was a Gilead legal affairs executive. It’s still not clear whether or not the attack was successful. Even so, Gilead has created a system for all COVID-related research to be completed on air-gapped computers. Any companies in health-adjacent fields should continue to be vigilant about the tools that enable remote work. Messaging applications, cloud-based document solutions, and FTP sites are all potential gateways for hackers. 
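As an added, defender-side example (not from this article, from Asylas, or from Gilead's own tooling), the Python below flags login-page URLs whose hostname imitates an organization's real webmail domain, the kind of lure the fake remote email login page above relied on. The legitimate hostnames, the brand label, the confusable-character table and the sample URLs are all constructed placeholders; the registrable-domain logic assumes a simple two-label domain rather than a public-suffix list.

```python
"""Flag lookalike webmail login hostnames in a list of URLs.

Added example for this article. Every hostname, brand label and URL below
is a constructed placeholder, not a real organization or attacker domain.
"""
from urllib.parse import urlparse
import unicodedata

# Assumption (constructed): the organization's genuine remote login hosts.
LEGITIMATE_HOSTS = {"mail.example-pharma.com", "login.example-pharma.com"}
# Assumption (constructed): the brand label users expect to see in the URL.
BRAND = "example-pharma"

# Constructed table of visually confusable substitutions seen in typosquats.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
               ("3", "e"), ("5", "s"), ("7", "t")]


def normalize(label: str) -> str:
    """Fold accents/homoglyphs to ASCII and apply confusable substitutions."""
    label = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode()
    label = label.lower()
    for bad, good in CONFUSABLES:
        label = label.replace(bad, good)
    return label


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Assumption: the last two labels are the registrable domain."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def classify_login_url(url: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a login URL."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    if host in LEGITIMATE_HOSTS:
        return "legitimate"
    second_level = registrable_domain(host).split(".")[0]
    # Brand name anywhere in the host (wrong TLD, homoglyphs, or used as a
    # subdomain of an unrelated domain), or a close typosquat of the brand.
    if BRAND in normalize(host) or edit_distance(normalize(second_level), BRAND) <= 2:
        return "lookalike"
    return "unrelated"


def triage(urls):
    """Map each URL to its classification; lookalikes warrant analyst review."""
    return {u: classify_login_url(u) for u in urls}


if __name__ == "__main__":
    # Constructed sample of login URLs as they might appear in proxy logs.
    sample = [
        "https://mail.example-pharma.com/owa",
        "https://login.examp1e-pharma.co/owa",
        "https://mail.example-pharma.com.attacker-example.net/",
        "https://exampie-pharma.com/login",
        "https://docs.example-cloud.net/",
    ]
    for url, verdict in triage(sample).items():
        print(f"{verdict:11} {url}")
```

Running the block prints one verdict per sample URL; in practice the same function would be applied to URL fields from mail-gateway or proxy logs so that lookalike hits are routed to an analyst before a user ever reaches the page.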

Cutting Edge Tools

On the bleeding edge of the hacking technology front, the Chinese group Naikon appears to have re-emerged recently with the “Aria-body” tool. This devious piece of code creates a backdoor communication channel between the infected device and the hackers. It records keystrokes and can obey instructions from the hackers.

Aria-body was recently used in an attack on the government of Western Australia. The tool first appeared on a device within the Indonesian embassy. Then it travelled to the offices of a W.A. staffer working on health affairs. Luckily, the state government of Western Australia had recently ramped up its cybersecurity measures and was able to detect the attack before it caused serious harm.

Aware & Alert

If your business is working with any form of data related to the diagnosis, treatment, tracking, or analysis of COVID-19, it is in the crosshairs for attack. It’s time to test your existing systems for information security now. Asylas can help with both vulnerability assessment and penetration testing, as well as other services.

Please reach out to Asylas at info@asylas.com or 615-622-4591. Or complete our contact form. We respond to every message and are eager to help you improve your security stance.
