#1273315: Chinese APT Groups Target Cancer Research Facilities: Report

Description: Chinese advanced persistent threat groups are targeting cancer research organizations across the globe with the goal of stealing their work and using it to help the country address growing cancer rates among its population, according to researchers at cybersecurity company FireEye.

In a wide-ranging report issued this week about cybersecurity threats in the healthcare industry, FireEye researchers note that as the cancer rate in China rises along with the cost of healthcare, the country may be looking for a fast way to gain access to research that will help it address those concerns.

China also has a fast-growing pharmaceutical market that may be interested in obtaining information on cancer research in hopes of getting medications to market more quickly, the researchers say.

"It is likely that an area of unique interest is cancer-related research, reflective of China's growing concern over increasing cancer and mortality rates, and the accompanying national healthcare costs," the FireEye researchers write. "Open source reports indicate that cancer mortality rates have increased dramatically in recent decades, making cancer the nation's leading cause of death. As the [People's Republic of China] continues to pursue universal healthcare by 2020, controlling costs and domestic industry will surely affect the PRC's strategy to maintain political stability."

Meanwhile, the growth in the country's pharmaceutical market creates "lucrative opportunities for domestic firms, especially those that provide oncology treatments or services. Targeting medical research and data from studies may enable Chinese corporations to bring new drugs to market faster than Western competitors," the report states.

Targeting Researchers
The researchers outline several instances over six years when Chinese advanced persistent threat groups have targeted cancer research institutions, at times sending out spear-phishing emails that referred to upcoming conferences in the subject line as a way to entice recipients to click on an attachment or a link to malicious sites through which malware was downloaded.

A Chinese group called APT18 - also known as "Wekby" - has been targeting biotech and pharmaceutical organizations as well as those conducting cancer research, the report notes.

The FireEye researchers say APT18 had been in one medical device manufacturing company's network for at least 60 days before being detected, accessing about 14 users' accounts and using or installing backdoors on more than 450 systems. The group collected and exfiltrated several gigabytes of medical imaging equipment files.

"Dating back to 2014, we've seen these groups ... active in targeting pharmaceutical companies, academic healthcare, various [organizations] that are all in the research side of healthcare and pharma," Luke McNamara, principal analyst at FireEye, tells Information Security Media Group. "A subset [of Chinese groups] that are targeting researchers seems to be organizations that have a specific focus in cancer research or, in some cases, cancer-related conferences."

Targeted More Than Once
One U.S.-based healthcare center that conducts cancer research - not named in the report - has been the target of multiple Chinese threat groups over the past few years. A Chinese group in April targeted the organization with malware dubbed Evilnugget, the researchers say. One of the documents used by the group to lure unsuspecting victims at the center focused on a conference being hosted by the organization.

In 2018, a threat group dubbed APT41, which researchers believe is backed by China's government, used spear-phishing malware called Crosswalk against staff at the center. Another group, APT22, which has focused on biomedical, pharmaceutical and healthcare organizations, also targeted the same organization, the researchers note.
More info: https://www.healthcareinfosecurity.com/chinese-apt-groups-target-cancer-research-facilities-report-a-12952

Date added Aug. 24, 2019, 5:12 p.m.
Source healthcare infosecurity
  • . APTs - Advanced Persistent Threats - New Reports in
  • . APTs - China - New Reports in
  • China - APT18 / Wekby / TG-0416 / TG0416 / APT-18 / APT 18 / Dynamite Panda
  • China - APT41
  • HealthCare Industry News