In one case, a fake email login page designed to steal passwords was sent in April to a senior Gilead official involved in legal and commercial affairs, according to a version archived on a website used to search malicious web addresses. Reuters could not determine whether the attack was successful.
Ohad Zaidenberg, chief intelligence researcher at Israeli cybersecurity firm ClearSky, who closely follows Iranian hacking activities and investigated the attacks, said the attempt was part of an effort by an Iranian group to compromise the email accounts of company personnel with messages that impersonate journalists.
Two other cybersecurity researchers, who were not allowed to speak publicly about their analysis, confirmed that the web domains and hosting servers used in the hacking attempts were linked to Iran.
The Iranian mission to the United Nations denied any involvement in the attacks. “The Iranian government is not engaging in cyber warfare,” said spokesman Alireza Miryousefi. “The cyber activities in which Iran engages are purely defensive and protect against further attacks on Iranian infrastructure.”
A Gilead spokesperson declined to comment, citing a company policy not to discuss cybersecurity issues. Reuters could not determine whether any of these attempts were successful, on whose behalf the Iranian hackers were working, or their motivation.
However, the hacking attempts show how cyber spies around the world are focusing their intelligence gathering efforts on information about COVID-19, the disease caused by the new coronavirus.
Reuters reported in recent weeks that hackers with ties to Iran and other groups had also attempted to break into the World Health Organization, and that Vietnam-related attackers had targeted the Chinese government on its management of the coronavirus epidemic.
Britain and the United States warned this week that state-supported hackers are attacking pharmaceutical companies and research institutes working on treatments for the new disease.
The joint statement did not name any of the organizations attacked, but two people familiar with the matter said that one of the targets was Gilead, whose antiviral drug remdesivir is the only treatment so far proven to help patients infected with COVID-19.
Hacking infrastructure used to try to compromise the Gilead executive’s email account has already been used in cyberattacks by a group of suspected Iranian hackers known as “Charming Kitten,” said Priscilla Moriuchi, director of strategic threat development at the American cybersecurity company Recorded Future, which examined the web archives identified by Reuters.
“Access to a simple email from the staff of a leading western pharmaceutical company could give … the Iranian government an advantage in developing treatments and fighting disease,” said Moriuchi, a former analyst at the U.S. National Security Agency.
Iran has suffered greatly from COVID-19, with the highest number of deaths in the Middle East. So far, the disease has killed more than 260,000 people worldwide, sparking a global race between governments, private pharmaceutical companies and researchers to develop a cure.
Gilead is at the forefront of this race and was praised by US President Donald Trump, who met with California company CEO Daniel O’Day at the White House in March and May to discuss his work on COVID-19.
Last week, the U.S. Food and Drug Administration authorized Gilead’s remdesivir to be used urgently in patients with severe COVID-19, paving the way for wider use in more hospitals in the United States.
An official of a European biotechnology company said that the industry was on “red alert” and was taking extra precautions to guard against attempts to steal research on COVID-19, such as carrying out all work related to testing vaccines on “air-gapped” computers that are disconnected from the Internet.
Additional reporting by Raphael Satter in WASHINGTON, Joseph Menn in SAN FRANCISCO and Michelle Nichols in NEW YORK; edited by Chris Sanders and Edward Tobin