Canada’s research on the response to the COVID-19 pandemic is at an “elevated level of risk” for state-sponsored hacking and espionage, say the country’s two main spy agencies
The joint statement from the Communications Security Establishment (CSE) and the Canadian Security Intelligence Service (CSIS) follows a warning from U.S. intelligence agencies who have accused China-backed hackers of attempting to steal American research on vaccines, treatments and testing related to the novel coronavirus.
Unlike the American warning, the Canadian statement does not identify which state actors are targeting Canadian research institutions or if there have been any specific attacks.
“COVID-19 has had a profound impact on our country and the world. This uncertain environment is ripe for exploitation by threat actors seeking to advance their own interests,” reads the statement from CSEC and CSIS.
“It is near certain that state-sponsored actors have shifted their focus during the pandemic and that Canadian intellectual property represents a valuable target.”
CSIS said there is “an increased risk of foreign interference and espionage due to the extraordinary effort of our businesses and research centres.”
“As a result, CSIS is working with these organizations to ensure that their work and proprietary information remains safely in their control. Its focus is on protecting Canadian intellectual property from these threats — and jobs and economic interests with it.”
The agencies said most of the malicious threat activity tracked so far during the on-going pandemic has been criminal in nature, such as phishing campaigns, and CSE has been reaching out to health organizations with advice on how to prevent hacking attempts.
“The Cyber Centre has and continues to recommend that Canadian health organizations remain vigilant and take the time to ensure that they are applying cyber defence best practices, including increased monitoring of network logs, reminding employees to be alert to suspicious emails, use secure teleworking practices, ensuring that servers and critical systems are patched for all known security vulnerabilities,” the agencies said.
In a statement Wednesday, the FBI and the Department of Homeland Security accused cybercriminals affiliated with the People’s Republic of China (PRC) of attempting to steal U.S. intellectual property related to COVID-19 research.
“The United States condemns attempts by cyber actors and non-traditional collectors affiliated with the People’s Republic of China (PRC) to steal U.S. intellectual property and data related to COVID-19 research,” said Secretary of State Mike Pompeo in a statement.
“The potential theft of this information jeopardizes the delivery of secure, effective and efficient treatment options.”
The warnings from Canada’s spy agencies come as Ottawa has promised more than $1 billion toward a national medical and research strategy to fight COVID-19, that will see research labs and universities across the country expand their capacity to study the virus, including treatments, blood testing, or possible vaccines.
In March, the CSE warned companies and research organizations that state-sponsored hackers may attempt to exploit the global pandemic to steal information or compromise computer systems.
“These actors may attempt to gain intelligence on COVID-19 response efforts and potential political responses to the crisis or steal ongoing key research towards a vaccine or other medical remedies, or other topics of interest to the threat actor,” the agency wrote in a March 20 note.