China Targeting US Labs to Spy on Virus Research, US Assistant AG Says

April 24, 2020 Updated: April 29, 2020

U.S. hospitals and research labs are being targeted by Chinese cyber activity, as Beijing seeks to obtain knowledge about U.S. progress on developing a vaccine for the CCP virus.

The action was suggested by U.S. Assistant Attorney General for National Security John C. Demers, who gave an opening keynote speech at a virtual business conference hosted by Future in Review (FiRe) on April 23.

When asked after his speech whether the regime was targeting U.S. labs for research into the virus, Demers replied: “It’s certainly the logical conclusion of everything I’ve said,” referring to his comments on the regime’s sweeping efforts to steal U.S. trade secrets and technology across an array of industries.

“There is nothing more valuable today than biomedical research relating to vaccines or treatments for coronavirus,” Demers said.

He added that it would be “beyond absurd” to think that China wouldn’t attempt to obtain “biomedical research relating to vaccines or treatment for coronavirus,” since the medical information would be of “great importance, not just from a commercial value.”

“Whatever country’s company or research lab develops that vaccine first and is able to produce it is going to have a significant geopolitical success story,” Demers said.

Warning

Demers said that U.S. authorities are monitoring the hacking activity.

“We are very attuned to increased cyber intrusions into medical centers, research centers, universities—anybody that is doing research in this area.”

The CCP (Chinese Communist Party) virus, commonly known as the novel coronavirus, originated from central China’s Wuhan city. The virus has since spread to more than 200 countries and territories, causing more than 49,800 deaths in the United States alone.

Demers’s warning came just days after FBI Deputy Assistant Director Tonya Ugoretz sounded the alarm during a webinar hosted by the Aspen Institute on April 16—though Ugoretz did not identify which specific countries were doing the hacking.

“We certainly have seen reconnaissance activity, and some intrusions, into some of those institutions, especially those that have publicly identified themselves as working on COVID-related research,” said Ugoretz.

Ugoretz added that while research institutes wanted to make public their ongoing research efforts, they also became “a mark for other nations” who may want to steal “proprietary information that those institutions have.”

Bill Evanina, director of the National Counterintelligence and Security Center, also alerted research labs to the potential threat.

“Medical research organizations and those who work for them should be vigilant against threat actors seeking to steal intellectual property or other sensitive data related to America’s response to the COVID-19 pandemic,” he told Reuters recently.

China’s Theft

Demers also pointed to the growing number of trade secret and economic espionage cases involving China—usually utilizing company insiders to steal intellectual property.

The Chinese regime’s intelligence services have been recruiting company insiders, according to Demers. First, China identifies a specific technology that it would want to possess—either based on open-source information or other data it has already stolen. Then, it targets certain employees within companies that develop the technology, according to Demers.

An October 2018 federal indictment charged 10 Chinese individuals with trying to steal know-how for making turbofan engines: two officers at the Jiangsu Province bureau of China’s Ministry of State Security (JSSD); five computer hackers; a malware developer operating at the direction of JSSD; and two Chinese employees at a French aerospace manufacturer’s office in Suzhou, a city in Jiangsu Province. JSSD is China’s chief intelligence agency.

Demers explained that once Beijing finds a target—be it a government official or company employee—it would develop a relationship with the person, such as meeting his financial needs, or using coercion to get what it needs.

Aside from stealing technology, China also engages in cyber theft of massive amounts of data.

“All personal data is very useful to develop artificial intelligence tools and one of the areas in—which they [China] are definitely trying to compete very strongly with U.S. companies, European companies—is the development of artificial intelligence. You need big data to own your algorithms,” Demers said.

He also explained that service providers such as financial services companies and health insurance companies should be aware that their customers’ data “might be of interest to [foreign] intelligence services.” He pointed to the example of U.S. credit company Equifax.

On Feb. 10, the FBI (Federal Bureau of Investigation) published an indictment of four “Chinese military-backed hackers” for their alleged roles in the 2017 cyberattack against Equifax.

“The PLA [China’s military] hackers obtained names, birth dates, and social security numbers for approximately 145 million American citizens, in addition to driver’s license numbers for at least 10 million Americans stored in Equifax’s databases,” the FBI said in a statement.

The U.S. government has had some success in stopping the theft, Demers said, as with a recent case involving an employee at Monsanto, a U.S. agrochemical and agricultural biotechnology company. The FBI stopped a longtime company employee from leaving for China at an airport in June 2017, who was carrying a laptop containing a copy of the company’s proprietary algorithm used for an online farming software platform.

The U.S. Justice Department indicted the employee in November 2019 on several charges, including one count of conspiracy to commit economic espionage and three counts of economic espionage.

Follow Frank on Twitter: @HwaiDer