The same group of shadowy Iranian hackers who were caught trying to steal America's atomic secrets - a group that's known only by the nickname "Charming Kitten" - has been caught trying to hack into Gilead, Reuters reports in what the financial newswire billed as an "exclusive scoop".
Just days after the US and Britain issued a joint warning about hackers targeting pharmaceutical companies and academic research institutions as research on coronavirus remedies and vaccines becomes the new 'holy grail' for digital criminals, Reuters has published a report citing direct evidence of intrusion attempts at Gilead. For source material, Reuters cited "publicly available web archives" that its reporters examined, along with personnel from three cybersecurity firms.
In one case, a fake email login page designed to steal passwords was sent in April to a top Gilead executive involved in legal and corporate affairs, according to an archived version on a website used to scan for malicious web addresses. Reuters was not able to determine whether the attack was successful.
Ohad Zaidenberg, lead intelligence researcher at Israeli cybersecurity firm ClearSky, who closely tracks Iranian hacking activity and has investigated the attacks, said the attempt was part of an effort by an Iranian group to compromise email accounts of staff at the company using messages that impersonated journalists.
Two other cybersecurity researchers, who were not authorized to speak publicly about their analysis, confirmed that the web domains and hosting servers used in the hacking attempts were linked to Iran.
Reuters added later on that Gilead was one of the pharmaceutical companies to which the US and UK were referring in the statement above, citing a high-level source in the US government.
As for the suspect, Reuters said the "hacking infrastructure" - i.e. the web domains and hosting servers used in the attempts - would suggest that the Iran-backed group "Charming Kitten" was likely behind the attack. And although Reuters couldn't confirm anything independently, experts speculated that Iran certainly has a motive for trying to steal medical research, since the US's embargo on the country has blocked even vital medical supplies from reaching Iran.
The hacking infrastructure used in the attempt to compromise the Gilead executive’s email account has previously been used in cyberattacks by a group of suspected Iranian hackers known as “Charming Kitten,” said Priscilla Moriuchi, director of strategic threat development at U.S. cybersecurity firm Recorded Future, who reviewed the web archives identified by Reuters.
"Access to even just the email of staff at a cutting-edge Western pharmaceutical company could give...the Iranian government an advantage in developing treatments and countering the disease," said Moriuchi, a former analyst with the U.S. National Security Agency.
Iran has suffered acutely from COVID-19, recording the highest death toll in the Middle East. The disease has so far killed more than 260,000 people worldwide, triggering a global race between governments, private pharmaceutical companies and researchers to develop a cure.
Gilead is at the forefront of that race and has been lauded by U.S. President Donald Trump, who met the California company’s CEO Daniel O’Day at the White House in March and May to discuss its work on COVID-19.
Last week, the FDA granted emergency authorization for Gilead's remdesivir, a drug that, though it has shown mixed performance in trials, has been deemed the most promising treatment by Dr. Fauci and the White House task force. Even President Trump signed off on a plan to speed up production and distribution of the drug, based mostly on Dr. Fauci's assessment. Gilead itself says conclusive evidence about the drug's efficacy and safety hasn't been collected yet.
But although Iran's outbreak has quieted from its earliest, deadliest days, dozens of top government officials have been infected, and some have even died, along with ~6,500 other Iranians. In total, roughly 105,000 Iranians have been confirmed to be infected, making Iran's the second-biggest outbreak in the Middle East, after Turkey.