In recent weeks, hackers linked to Iran have targeted staff at United States drugmaker Gilead Sciences as the company races to deploy a treatment for the COVID-19 virus.
Last week, the US Food and Drug Administration gave emergency use authorization to Gilead’s remdesivir for patients with severe COVID-19, clearing the way for broader use in more hospitals around the US.
How did the cyberattack occur?
In one known case, a fake email login page designed to steal passwords was sent in April to a top Gilead executive involved in legal and corporate affairs. It is not known whether this attack attempt was successful.
The hacking infrastructure used in the attempt to compromise the Gilead executive’s email account has previously been used in cyberattacks by a group of suspected Iranian hackers known as “Charming Kitten,” said Priscilla Moriuchi, director of strategic threat development at US cybersecurity firm Recorded Future, who reviewed the web archives identified by Reuters.
Ohad Zaidenberg, lead intelligence researcher at Israeli cybersecurity firm ClearSky, who closely tracks Iranian hacking activity and has investigated the attacks, said the attempt was part of an effort by an Iranian group to compromise email accounts of staff at the company using messages that impersonated journalists.
Two other cybersecurity researchers, who were not authorized to speak publicly about their analysis, confirmed that the web domains and hosting servers used in the hacking attempts were linked to Iran.
The hacking attempts show how cyber spies around the world are focusing their intelligence-gathering efforts on information about COVID-19, with the United Kingdom and the US issuing a warning this week about state-backed hackers.
“Access to even just the email of staff at a cutting-edge Western pharmaceutical company could give…the Iranian government an advantage in developing treatments and countering the disease,” said Moriuchi, a former analyst with the US National Security Agency. Iran has suffered acutely from COVID-19, recording the highest death toll in the Middle East.
Iran’s mission to the United Nations denied any involvement in the attacks. “The Iranian government does not engage in cyber warfare,” said spokesman Alireza Miryousefi. “Cyber activities Iran engages in are purely defensive and to protect against further attacks on Iranian infrastructure.”
Gilead declined to comment, with the spokesperson citing a company policy not to discuss cybersecurity matters.
By Jack Stubbs and Christopher Bing