Chinese Cyberspies Continue Targeting Medical Research Organizations

Chinese cyberspies continue targeting medical research organizations in the U.S. and elsewhere, and cancer-related research appears to be of particular interest, FireEye said in a report published on Wednesday.

According to FireEye, multiple China-linked advanced persistent threat (APT) groups have targeted entities involved in healthcare research and the focus on cancer-related research is likely a result of “China’s growing concern over increasing cancer and mortality rates, and the accompanying national health care costs.” Some reports say cancer is the leading cause of death in China.

These threat actors are likely also financially motivated considering that China has one of the world’s fastest-growing pharmaceutical industries. “Targeting medical research and data from studies may enable Chinese corporations to bring new drugs to market faster than Western competitors,” FireEye said in its report.

The cybersecurity firm has provided several examples of Chinese cyberspy groups targeting healthcare organizations.

One of the most recent attacks was observed in April 2019, when a threat actor delivered a piece of malware tracked as EVILNUGGET to a U.S.-based health center that conducts cancer research. The organization was also targeted by other Chinese groups in the past, including by APT41, whose attack on a U.S. research university was described by FireEye in a blog post published this week.

APT41 also targeted, between 2014 and 2016, a medical devices subsidiary of a large corporation. While the parent company was targeted initially, some evidence suggests that the hackers were more interested in the subsidiary.

In 2015, APT41 was spotted targeting a biotech company that was in the process of being acquired. The attackers were after HR data, tax information and documents related to the acquisition.

In addition to APT41, the APT10 group was spotted targeting the healthcare sector. The threat actor launched spear-phishing campaigns in 2017 that were aimed at entities in Japan. Two of the three documents delivered in the spear-phishing attacks referenced cancer research conferences, FireEye said.

APT18, also known as Wekby, has also been seen targeting biotech, pharmaceutical and cancer research organizations.

“One theme FireEye has observed among Chinese cyber espionage actors targeting the healthcare sector is the theft of large sets of PII and PHI, most notably with several high-profile breaches of U.S. organizations in 2015,” FireEye wrote in its report. “We assess that the theft of bulk data appears to remain a tactic employed by Chinese cyber espionage actors in targeting certain groups of individuals, as evidenced by the breach of SingHealth in 2018.”

FireEye says the healthcare industry has been targeted by state-sponsored and cyber espionage groups from countries other than China, including Russia (APT28, APT29 and CyberBerkut) and Vietnam (APT32).

The FireEye report covers healthcare threats in general. In addition to the Chinese APT attacks, the report also looks at financially motivated cybercrime and the potential impact of malware and vulnerabilities on medical facilities and systems.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
