FBI warns of China-linked hackers targeting US organizations researching COVID-19

The FBI and CISA have warned US organizations that malicious actors affiliated with the People’s Republic of China (PRC) are targeting organizations carrying out COVID-19-related research.


The US Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint statement to raise awareness of attacks targeting COVID-19-related research and to formally accuse hackers affiliated with China of being the perpetrators.

According to the FBI and CISA, US organizations conducting COVID-19-related research are being targeted by PRC-affiliated cyber actors and non-traditional collectors (malicious insiders working inside the targeted organization). The FBI is currently investigating these incidents. Reportedly, these malicious actors are attempting to steal valuable intellectual property and public health data related to vaccines, treatments, and testing, which, according to the statement, could jeopardize the delivery of secure, effective, and efficient treatment options.

Besides officially naming cyber actors associated with the People’s Republic of China as the perpetrators behind these attacks, the statement also serves as a warning to other US organizations to be cautious and strengthen their security to prevent a potential attack.

“The FBI and CISA urge all organizations conducting research in these areas to maintain dedicated cybersecurity and insider threat practices to prevent surreptitious review or theft of COVID-19-related material.”

Recommendations to defend against a potential attack

CISA and FBI recommend organizations do the following:

  • Assume that press attention affiliating your organization with COVID-19 related research will lead to increased interest and cyber activity.
  • Patch all systems for critical vulnerabilities, prioritizing timely patching for known vulnerabilities of internet-connected servers and software processing internet data.
  • Actively scan web applications for unauthorized access, modification, or anomalous activities.
  • Improve credential requirements and require multi-factor authentication.
  • Identify and suspend access of users exhibiting unusual activity.


Organizations that have already become victims are urged to report suspicious or criminal activity to their local field office.