7 May 2020 (updated 01 Jul 2021 12:57pm)

How British coronavirus researchers became a target for state-sponsored hackers

A new wave of cyberattacks has been linked to Russia, Iran and China, but these are not the only countries engaged in virus-related espionage.

By Oscar Williams

On 2 March, just a week before Covid-19 was officially classified as a pandemic, employees at the World Health Organisation began receiving unusual emails. The series of messages, sent to their personal accounts, ostensibly came from Google. But, as Reuters reported last month, they had been sent by hackers working on behalf of the Iranian government.

Although it’s not clear if the phishing campaign was successful, the incident was one in a series of attempts, part of a 200 per cent rise in cyber attacks targeting the UN health agency, which has led the international response to the pandemic. Security experts believe the attacks could have been motivated by an assumption among some governments that the WHO may have known more than it publicly disclosed, and that there was valuable intelligence to be gained.

Nearly two months later, with research on vaccines and potential cures advancing, state-sponsored attackers appear to have turned their sights to a new range of targets: coronavirus research labs. Earlier this week, the National Cyber Security Centre (NCSC) issued a joint advisory with its US counterpart, revealing that British and American coronavirus researchers are witnessing a surge in attacks.

“[NCSC] and [the] US Cybersecurity and Infrastructure Security Agency (CISA) have seen large-scale ‘password spraying’ campaigns against healthcare bodies and medical research organisations,” the British security agency said on Tuesday (5 May). “The ‘advanced persistent threat’ (APT) groups target such bodies to collect bulk personal information, intellectual property and intelligence that aligns with national priorities.”

In their advisory, neither NCSC nor CISA disclosed the nationality or allegiance of those responsible for the attacks. Attribution is difficult at the best of times, and hacking groups often operate at a deniable distance from the governments that are thought to sponsor them.

However, the Mail on Sunday reported over the weekend that Iran and Russia had been linked to attacks on British research, while the Guardian reported that China was also a likely suspect. The country has regularly been accused of stealing sensitive intellectual property from Western organisations. 

Although none of the attacks appear to have led to a successful breach yet, Oxford University, whose researchers started trialling a vaccine candidate last month, has said it has taken steps to bolster its defences. Researchers at Imperial College London and Bristol University are also preparing possible vaccines for human trials, and may also be at risk.

“If you’re a smaller country like Iran or even somewhere like Russia, as capable as it is, it’s probably not quite up there with the US and UK when it comes to medical research,” says Alan Woodward, a professor of cyber security at the University of Surrey. “Whereas the original WHO attacks were about, ‘Well, what do they know about how this is spreading?’, this is about, ‘Who’s done what in terms of developing a vaccine and a cure?’”

For NCSC and CISA, the motivation for going public with such warnings is twofold. Firstly, says Woodward, security agencies will want to ensure organisations aren’t “disrupted at a time of real significance” which “could be a side-effect of these attacks”, and secondly, because “you don’t want to suddenly find that something that is valuable is stolen”. 

Although NCSC has condemned the attacks as “reprehensible”, it appears that GCHQ, its parent agency, is also carrying out coronavirus-related espionage — albeit of a different kind. The Australian Daily Telegraph reported over the weekend that the Five Eyes intelligence alliance — comprising Australia, Canada, New Zealand, the UK and the US — had produced a dossier showing that while Covid-19 had not been created in a lab, the Chinese government had destroyed evidence of the initial outbreak.

“I imagine [GCHQ] will now be trying to get intelligence on what’s happening, rather than trying to steal research,” says Woodward. “What’s truly happening? Is there a second wave? [That will be the focus], rather than trying to steal intellectual property; they’re probably confident we can develop that ourselves.”
