Cyber criminals have reportedly infiltrated a biochemicals lab at Oxford University which is at the centre of the university’s research into coronavirus and associated treatments.
Oxford University confirmed to Forbes on Thursday that they were investigating an unauthorized intrusion at the Division of Structural Biology, which is popularly known as Strubi. The intrusion was first discovered by Alex Holden, the chief technology officer at Hold Security.
After discovering that hackers had infiltrated the biochemicals lab, Holden shared screenshots of the same with Forbes to demonstrate that the breach took place sometime around the middle of February and that hackers had accessed systems that controlled pumps and pressure. The identity of the hackers is not known yet.
As per available information, the hackers gained unauthorized access to a number of systems at Strubi, including machines used to prepare biochemical samples. Oxford university said they haven’t evaluated the extent of the breach yet but have informed the Information Commissioner’s Office and the National Cyber Security Centre who are now investigating the incident.
“We have identified and contained the problem and are now investigating further. There has been no impact on any clinical research, as this is not conducted in the affected area. As is standard with such incidents, we have notified the National Cyber Security Center and are working with them,” an Oxford University spokesperson told Forbes.
The spokesperson also confirmed that the breached systems did not contain any patient data records and thus, patient confidentiality is secure. The hacked systems were used to purify and prepare biochemical samples like proteins that are made for research purpose, including for research into the coronavirus.
Commenting on hackers targting Oxfoed University’s Strubi labs, Sam Curry, chief security officer at Cybereason, said the cyber attack “is another gutless and abhorrent act by cyber criminals. Due to the magnitude of the Covid-19 pandemic, and the fact that nearly 3 million people have died from the virus worldwide, I categorise this latest breach as an act of cyber terrorism. In the perfect world, loathsome groups like this would be brought to justice to face severe punishment.
“Unfortunately, we don’t live in a perfect world, and cyber gangs will continue to carry out these attacks because time and time again they are successful. Oftentimes, these gangs are working as contractors for nation-states and by gaining access to the proprietary information Oxford’s researchers have likely spent months working on, they will see a big payday.
“The good news is that the security researcher stepped forward to disclose this latest intrusion and that Oxford can simultaneously assess the damage and stop further exfiltration. In the future, collaborative efforts like this will enable cyber defenders to be perched on higher ground than attackers making it much easier to stop future terrorist attempts,” he added.
This is not the first time that cyber criminals have targeted institutions at the centre of coronairus research and vaccine development. In December, the European Medicines Agency, which is responsible for evaluating and monitoring medicines within the EU and the European Economic Area (EEA), also announced that it was the subject of a cyber attack that enabled hackers to get their hands on documents related to the development of a Covid-19 vaccine.
When the cyber attack took place, EMA was in the process of granting conditional marketing authorisation to BNT162b2, a COVID‑19 mRNA vaccine developed by BioNTech and Pfizer, as well as mRNA1273, a COVID-19 mRNA vaccine by Moderna Biotech Spain, S.L.
Recently, North Korean hackers targeted staff at British biopharmaceuticals company AstraZeneca which was conducting clinical trials of a coronavirus vaccine that it jointly developed with Oxford University.
According to Reuters, North Korean hackers posed as recruiters on LinkedIn and WhatsApp and targeted AstraZeneca employees with phishing emails that were laced with malware. The emails sent by hackers pertained to fresh job openings and required recipients to download malicious documents that were disguised as job descriptions.
Microsoft has also issued a warning about the Rusian hacker group Strontium and North Korean hacker groups Zinc and Cerium targeting organisations engaged in COVID-19 vaccine research with credential stuffing, brute-force, and spear-phishing attacks. The targeted organisations are located in Canada, France, India, South Korea, and the United States.
The list of targeted organisations is dominated by vaccine research organisations that have Covid-19 vaccines in various stages of clinical trials as well as organisations that have developed COVID-19 tests. Many of these organisations have been beneficiaries of government funding and contracts in many countries for Covid-19 related work.