Canada’s cyber spy agency says authorities are investigating possible security breaches at Canadian organizations doing COVID-19-related research — less than a week after it warned that Canadian intellectual property linked to the pandemic is a “valuable target” for state-sponsored actors.
“We’ve seen some compromises in research organizations that we’ve been helping to mitigate and we’re still continuing to look through what’s the root cause of those,” said Scott Jones, head of the Communications Security Establishment’s Cyber Centre, during an appearance in front of the Commons industry, science and technology committee this evening.
“Yes, we’ve seen activity coming from organizations where they’ve seen malicious activity, or at least suspicious [activity], and we’re working with them to determine whether or not it was malicious, where it came from and who, and was a success or not.”
Watch: The CSE’s Scott Jones on the threat of data breaches at Canadian pandemic research labs
It’s not clear where or when the alleged compromises happened, or whether they were state-sponsored.
Questioned by Liberal MP Nathaniel Erskine-Smith, Jones said the intelligence side of the agency is looking into the sources of that “malicious activity.”
Last week, the CSE and the Canadian Security Intelligence Service issued a rare joint statement warning of foreign espionage targeting agencies involved in pandemic response.
“The Communications Security Establishment has assessed that it is near certain that state-sponsored actors have shifted their focus during the pandemic and that Canadian intellectual property represents a valuable target,” said the Canadian statement.
“With regards to the specific threats, the Cyber Centre has assessed that the COVID-19 pandemic presents an elevated level of risk to the cyber security of Canadian health organizations involved in the national response to the COVID-19 pandemic.”
Last week, the FBI and the Cybersecurity and Infrastructure Security Agency in the U.S. publicly accused China of targeting U.S. organizations running COVID-19-related research.
“The United States condemns attempts by cyber actors and non-traditional collectors affiliated with the People’s Republic of China (PRC) to steal U.S. intellectual property and data related to COVID-19 research,” said Secretary of State Mike Pompeo in a statement today.
“The potential theft of this information jeopardizes the delivery of secure, effective and efficient treatment options.”
Last week’s Canadian statement said both agencies work closely with the Five Eyes intelligence-sharing alliance, which includes the United States.
“We regularly share information with our partners, including the U.S., which has a significant impact on protecting our respective countries’ safety and security,” it said.
CSE began sounding the alarm about the threat of state-sponsored hacks on Canada’s health sector at the start of the pandemic.
“These actors may attempt to gain intelligence on COVID-19 response efforts and potential political responses to the crisis, or to steal ongoing key research towards a vaccine or other medical remedies,” warned a March alert.
At the time, the agency warned that those sophisticated threat actors could target Canadian medical research labs working on vaccines or other remedies through manipulation or spear-phishing campaigns — or by going after critical vulnerabilities as more housebound employees connect with their workplaces through VPNs (virtual private networks).