An Israeli cybersecurity firm last week uncovered an attempt by Iran-linked hackers to breach US drug company Gilead Sciences, which is racing to roll out a treatment for COVID-19.
It was unclear whether the hacking attempt was successful, according to the Reuters news agency, which first reported the incident on Friday.
The web domains and servers used by the hacking group were linked to Iran, but it wasn’t clear what the hackers’ motives were, or if they had any connections to Iran’s government.
Israeli cybersecurity firm ClearSky discovered the attempt, its lead researcher told the Ynet news site. ClearSky monitors Iranian hacking activity, and was one of three cybersecurity researchers that confirmed the Gilead hacking attempt to Reuters.
The other two researchers were not authorized to speak publicly. The report was based on publicly available web archives.
The hacking group, called “Charming Kitten,” usually focuses on hacking journalists and human rights groups, ClearSky’s Ohad Zaidenberg told Ynet.
In the past month and a half, the group trained its sights on officials dealing with the coronavirus crisis, he said.
“Last week we discovered that they are acting against the infrastructure of the American research institute Gilead, and we determined that they are trying to hurt other research bodies that are dealing with coronavirus, including in Israel,” Zaidenberg said.
Zaidenberg said that Israel was one of the outfit’s main targets.
“They went back to being very active last week. In Israel, they operate at a high intensity, trying to steal [personal] details and anything else that allows them to take control of an email address to use it for all kinds of purposes,” he said.
The recent hacking attempts show that hackers worldwide are concentrating their efforts on collecting information about the virus, Zaidenberg said.
For the Gilead hacking attempt, in one instance, the attackers sent a fake email login page to a top Gilead executive to try to steal passwords, Reuters reported. The method was used in prior attacks linked to “Charming Kitten.”
Iran’s envoy to the United Nations denied government involvement in the incident.
“The Iranian government does not engage in cyber warfare,” said Alirez Miryousefi. “Cyber activities Iran engages in are purely defensive and to protect against further attacks on Iranian infrastructure.”
Gilead declined to comment on the matter due to company policies against discussing cybersecurity.
Iran-linked hackers, and other groups, have in recent weeks tried to breach the World Health Organization, Reuters reported. The US and UK said this week that state-sponsored attackers were targeting pharmaceutical and research firms dealing with coronavirus treatments, without naming the targets.
Gilead’s antiviral drug remdesivir on May 1 received emergency approval from the US Food and Drug Administration to treat COVID-19.
The FDA said in a statement that Gilead’s intravenous drug would be specifically indicated for hospitalized patients with “severe disease,” such as those experiencing breathing problems requiring supplemental oxygen or ventilators.
The FDA acted after preliminary results from a government-sponsored study showed that the drug shortened the time to recovery by 31 percent, or about four days on average, for hospitalized COVID-19 patients.
The National Institutes of Health’s Dr. Anthony Fauci said the drug would become a new standard of care for severely ill COVID-19 patients. The drug, which blocks an enzyme the virus uses to copy its genetic material, has not been tested on people with milder illness.
Israel has a strong relationship with California-based Gilead, putting the country in a good position to ensure supply of remdesivir, a Health Ministry official told The Times of Israel on Monday.
Israeli hospitals are currently part of two trials for remdesivir, one run by the company and one by the World Health Organization.