Cancer research organizations are now the focus of Chinese hacking groups
Chinese advanced persistent threat (APT) groups are honing in on cancer research institutes in recent cyberattacks in order to steal their work, researchers say.
Cancer is the second leading cause of death worldwide and claimed the lives of 9.6 million individuals in 2018. The World Health Organization (WHO) estimates that one in six deaths annually are caused by cancer, and with these high mortality rates, researchers across the globe are working towards ways to improve detection and treatment.
Security
China, too, is contributing -- but cybersecurity firm FireEye says that facing cancer's impact on society, death rates, and the cost of care, the country is not above using nefarious methods to speed up research goals.
On Wednesday, FireEye published a new report on the state of cybercrime in the healthcare industry. Titled, "Beyond Compliance: Cyber Threats and Healthcare," the research claims that Chinese APTs -- many of which are state-sponsored -- continue to target medical entities, and cancer-related organizations are a common target.
See also: 700,000 Choice Hotels records leaked in data breach, ransom demanded
One of the most recent campaigns suspected to be the work of a Chinese APT was discovered in April. In this case, a US health center that is known for cancer research was targeted through a tailored phishing campaign which delivered EVILNUGGET malware.
A year prior, APT41, a Chinese hacking group linked to attacks against healthcare, technology, telecommunications, education, and gaming businesses, launched a spear-phishing campaign against the same entity.
Between 2014 and 2016, APT41 was also connected to attacks against an enterprise company that owned a medical device unit. Spoofed domains and tools used revealed that compromising the medical subsidiary for the purpose of data theft was the true goal.
A keylogger was first deployed and after a round of data theft, a digital certificate issued by the victim was compromised and utilized to sign malware payloads destined for use in attacks against other medical groups.
APT41 used this certificate against a biotech company in 2015, for example, and was able to steal clinical trials data of developed drugs, academic information, and research funding-related documents.
CNET: The best password managers of 2019 and how to use them
If that wasn't enough, APT22, a separate Chinese APT, has also launched attacks against the aforementioned cancer research institution and has, overall, been actively striking healthcare organizations for a number of years. This particular APT tends to focus on biomedical and pharmaceutical companies.
In 2017, China's APT10 was caught sending spear-phishing emails to a Japanese medical firm. Some of the crafted messages sent related to cancer research conferences.
APT18, also known as Wekby, is also worth mentioning. This hacking group, tied to China, has been targeting cancer research organizations since 2013.
During such attacks, the threat actors tend to focus on the theft of large sets of personally identifiable information (PII) and protected health information (PHI), as well as research-based, confidential works.
TechRepublic: How to prevent data destruction from cybersecurity attacks
FireEye added that these attacks might not simply be focused on the research itself, but also its intrinsic financial value.
"[China] has one of the world's fastest-growing pharmaceutical markets, creating lucrative opportunities for domestic firms, especially those that provide oncology treatments or services," the researchers say. "Targeting medical research and data from studies may enable Chinese corporations to bring new drugs to market faster than Western competitors."
How to discover and destroy spyware on your smartphone (in pictures)
Previous and related coverage
- Here's the one surprising lesson I learned as a victim of debit card fraud
- Less than one in 10 Americans take necessary steps to prevent identity theft
- Encryption has created an uncrackable puzzle for the real world
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0