Coronavirus: Iran-linked group attempts to hack Remdesivir maker Gilead drug company
Hackers linked to Iran have targeted staff at Gilead Sciences, the maker of remdesivir, an anti-viral shown to reduce recovery times in COVID-19 patients, in recent weeks, according to sources.
In one case, a fake email login page designed to steal passwords was sent in April to a top Gilead executive involved in legal and corporate affairs, according to an archived version on a website used to scan for malicious web addresses. Reuters was not able to determine whether the attack was successful.
Ohad Zaidenberg, lead intelligence researcher at Israeli cybersecurity firm ClearSky, who closely tracks Iranian hacking activity and has investigated the attacks, said the attempt was part of an effort by an Iranian group to compromise email accounts of staff at the company using messages that impersonated journalists.
Two other cybersecurity researchers, who were not authorized to speak publicly about their analysis, confirmed that the web domains and hosting servers used in the hacking attempts were linked to Iran.
Iran’s mission to the United Nations denied any involvement in the attacks. “The Iranian government does not engage in cyber warfare,” said spokesman Alireza Miryousefi. “Cyber activities Iran engages in are purely defensive and to protect against further attacks on Iranian infrastructure.”
A spokesman for Gilead declined to comment, citing a company policy not to discuss cybersecurity matters. Reuters could not determine if any of the attempts were successful, on whose behalf the Iranian hackers were working or their motivation.
Still, the hacking attempts show how cyber spies around the world are focusing their intelligence-gathering efforts on information about COVID-19, the disease caused by the novel coronavirus.
Reuters has reported in recent weeks that hackers with links to Iran and other groups have also attempted to break into the World Health Organization and that attackers linked to Vietnam targeted the Chinese government over its handling of the coronavirus outbreak.
Britain and the United States warned this week that state-backed hackers are attacking pharmaceutical companies and research institutions working on treatments for the new disease.
The joint statement did not name any of the attacked organizations, but two people familiar with the matter said one of the targets was Gilead, whose antiviral drug remdesivir is the only treatment so far proven to help patients infected with COVID-19.
The hacking infrastructure used in the attempt to compromise the Gilead executive’s email account has previously been used in cyberattacks by a group of suspected Iranian hackers known as “Charming Kitten,” said Priscilla Moriuchi, director of strategic threat development at US cybersecurity firm Recorded Future, who reviewed the web archives identified by Reuters.
“Access to even just the email of staff at a cutting-edge Western pharmaceutical company could give ... the Iranian government an advantage in developing treatments and countering the disease,” said Moriuchi, a former analyst with the US National Security Agency.
Iran has suffered acutely from COVID-19, recording the highest death toll in the Middle East. The disease has so far killed more than 260,000 people worldwide, triggering a global race between governments, private pharmaceutical companies and researchers to develop a cure.
Gilead is at the forefront of that race and has been lauded by US President Donald Trump, who met the California company’s CEO Daniel O’Day at the White House in March and May to discuss its work on COVID-19.
The US Food and Drug Administration last week gave emergency use authorization to Gilead’s remdesivir for patients with severe COVID-19, clearing the way for broader use in more hospitals around the United States.