Cyberespionage is gathering momentum and becoming an everyday norm. It’s no surprise that the healthcare and medical industry would come up on the list — but, to date, it has been a field more abused by hackers motivated by medical identity theft and other financial fraud.
Rich Barger, chief intelligence officer with CyberSquared, says his firm can confirm at least three advanced persistent threat (APT) groups out of China who have targeted organizations in the medical field, including one group that posed as a life sciences and drug discovery company out of Beijing to lure and drop drive-by malware on related companies from that industry. The second was the group behind the well-known malware Sykipot used in various APT-type attacks; the third, the gang behind the VOHO targeted attack campaign — which CyberSquared found targeting the National Institute of Health.
“Many of these victims have technology or drugs that are a monopoly. If you are the first to market with some great new technology breakthrough or drug, and you get a profit from that research … it would definitely be an issue for the Chinese to target some of these” firms to gain a competitive advantage, Barger says.
Cyberspying against medical firms, while not as prevalent as attacks on defense contractors or information technology firms, isn’t new, but it appears to be growing, security experts say.
Interestingly, the attackers Mandiant is witnessing are not just stealing the traditional intellectual property so coveted by Chinese hackers; they are after information on how these organizations do business. “They are taking proprietary data to increase operational efficiency, data to replicate processes, and insider knowledge for how organizations are operating inside China or with the Chinese healthcare industry,” Bejtlich says.
Why the interest in business process? Mandiant believes the interest has to do with the fact that healthcare is listed as one of China’s development priorities in its 15-year science and technology strategy for 2006 to 2020.