Oxford University lab with COVID-19 research links targeted by hackers

Compromised machines included those used in sample analysis.
Written by Charlie Osborne, Contributing Writer

An Oxford University lab conducting research into the coronavirus pandemic has been compromised by cyberattackers. 

Oxford University, one of the most prominent educational institutions in the UK, was made aware of the security breach on Thursday. 

The university confirmed that a security incident took place at the Division of Structural Biology lab, also known as "Strubi," after Forbes disclosed that hackers were boasting of access to the school's systems. 

Strubi's labs are used by students studying molecular and biological science, and during the COVID-19 pandemic, the Oxford team has been researching the virus itself and examining vaccine candidates. 

The school's latest publications include work on RNA strands and viruses, as well as antiviral agents. However, the group has not been directly involved in the development of the Oxford University-AstraZeneca vaccine. 

According to Forbes and Hold Security, the lab's "biochemical preparation machines" were compromised by the unknown attackers who boasted of their break-in to what appears to be lab equipment, pumps, and pressure tools in an attempt to sell access to their victim's systems.

Timestamps of February 13 and 14, 2021, were noted in evidence provided to the publication. 

Oxford University has confirmed the security breach. However, in a statement, the university said there "has been no impact on any clinical research, as this is not conducted in the affected area."

In addition, the cyberattackers do not appear to have compromised any system relating to patient data or records. 

"We are aware of an incident affecting Oxford University and are working to fully understand its impact," an Oxford University spokesperson told Forbes. 

The UK's GCHQ has been informed and the National Cyber Security Center (NCSC) will investigate the incident. 

This is not the first time a university may have been targeted with coronavirus or vaccine research in mind. In May 2020, the NCSC warned that threat actors from Russia, Iran, and China were targeting British universities and research hubs to steal research. 

The European Medicines Agency (EMA), unfortunately, was successfully attacked in December and the cyberattackers responsible then leaked stolen data relating to COVID-19 vaccines and medicines in January this year. 

In late 2020, Interpol warned of a wave of COVID-19 and flu vaccine-related cybercrimes. The law enforcement agency said that the worldwide pandemic had "triggered unprecedented opportunistic and predatory criminal behavior."

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards