Iranian hackers target U.S. drug company involved in coronavirus treatment: report
Iran-linked hackers have targeted U.S. drug company Gilead Sciences Inc. in recent weeks as the company works to develop treatments for the COVID-19 virus, Reuters reported Friday.
According to Reuters, the hackers posed as journalists and sent emails to Gilead staffers that were designed to trick them into disclosing their passwords. Reuters was not able to determine if any of the attempted attacks were successful.
The Food and Drug Administration last week approved an emergency use authorization of Gilead’s drug remdesivir to help treat COVID-19 patients. The drug, which is an antiviral medication, was found in one clinical trial to shorten the time of recovery for those suffering from the virus.
An official for Gilead declined to comment on the story to The Hill, saying Gilead does not comment on “information security measures.”
Alireza Miryousefi, a spokesman for Iran’s mission to the United Nations, told Reuters that “the Iranian government does not engage in cyber warfare,” and that “cyber activities Iran engages in are purely defensive and to protect against further attacks on Iranian infrastructure.”
Iran is regarded by experts as one of the most dangerous nation states in cyberspace alongside Russia, China and North Korea. Concerns over Iran’s cyber capabilities increased in January due to increased tensions between the U.S. and Iran over the death of Iranian Gen. Qasem Soleimani.
Cybersecurity threats against health care groups have spiked over the past months as the world has struggled to respond to the COVID-19 pandemic.
Leading agencies including the World Health Organization and the Department of Health and Human Services (HHS) have suffered cyberattacks, while officials have warned that hackers are increasingly eying vulnerable hospitals and other essential services as easy targets.
The HHS Office of Inspector General on Friday previewed a recent cybersecurity audit, warning that HHS “needs to improve security controls to more effectively prevent cyberattacks.” The agency did not publish the full audit, citing concerns over “increased cyber-attacks.”