Chinese internet security experts claim that South Asian state-backed hackers are targeting China’s medical sector as the country struggles to keep up with ballooning infections from a new flu-like epidemic that is sweeping the country. Researchers at the Chinese internet security giant Qihoo 360 made the claim in a Feb. 4 blog post.

Why it matters: More than 28,000 people have been infected with the deadly novel coronavirus that emerged in the central Chinese city of Wuhan in late December.

  • The infection, which has so far killed 564 people, has spread panic and distrust around the country. Many from the worst-affected areas have had their personal data and travel itineraries for the Chinese New Year holiday leaked online.
  • South Asia is home to Pakistan, China’s “all-weather friend”; and India, which often sees Beijing as a strategic nuclear rival; as well as Bangladesh, Afghanistan, Sri Lanka, Nepal, Bhutan, and the Maldives.

The researchers condemn the attacks as a threat to China’s efforts to control the epidemic:

“It can be said that epidemic warfare is closely linked to cyberspace warfare, and cyberspace has become another important battlefield for epidemic warfare.”

–Qihoo 360 researchers

Details: Qihoo identifies the hackers as members of a South Asian advanced persistent threat (APT) group. APT groups are typically state-backed organizations that access private information for a prolonged period while remaining largely undetected.

  • The attackers used novel coronavirus-themed emails as bait to launch attacks on organizations “on the frontline” of fighting the epidemic, according to Qihoo. The researchers did not say which medical facilities or researchers were targeted, nor did they specify which group was responsible for the attacks.
  • The attackers attach Excel files, among others, to the emails. When opened, these files install a backdoor program on the victim’s computer. Backdoors typically allow remote access to an infected computer.
  • One such file was titled “Wuhan Travel Information Collection Application Form,” according to Qihoo.
  • The company confirmed that the attack originated from South Asia after comparing it to previous offensives from the region.

Context: Qihoo 360 is one of several companies that have reported a rise in the number of coronavirus-related phishing campaigns.

  • Both IBM and Kaspersky said they have seen wide-ranging phishing campaigns that use the coronavirus as bait.
  • The attacks described by IBM and Kaspersky do not target China, but other countries in the region including Japan, as well as the US and UK.
  • Some of these emails claim to offer information about coronavirus protection.

Chris Udemans

Christopher Udemans is a Shanghai-based technology reporter. He covers Chinese artificial intelligence, mobility, and cybersecurity. You can contact him at chrisudemans [at] technode [dot] com.
