Iran-backed hackers have increasingly targeted U.S. drugmaker Gilead Sciences Inc. with attempts to steal passwords and compromise the company's email accounts, according to web archives studied by three cybersecurity firms and reported by Reuters.
Employees at Gilead, whose drug Remdesivir is being researched as a potential coronavirus treatment, have received emails in which hackers attempted to get employees at the company to click on fake websites and give up their email login credentials. It remains unclear if the hacking attempts were successful.
Ohad Zaidenberg, the lead intelligence researcher at Israeli cybersecurity firm ClearSky, said the email was part of a series of hacking efforts in which the hackers tried to gain access to email accounts by sending messages impersonating journalists.
Members of two other cybersecurity firms, who spoke on condition of anonymity, assessed that Iran was behind the effort as the fake web domains and hosting servers used in the hacking attempts were linked to Iran.
The hacking methods and malicious infrastructure used in the attempted hack had previously been used by an Iranian group known as “Charming Kitten,” according to an assessment provided to Reuters by Priscilla Moriuchi, director of strategic threat development at U.S. cybersecurity firm Recorded Future.
“Access to even just the email of staff at a cutting-edge Western pharmaceutical company could give … the Iranian government an advantage in developing treatments and countering the disease,” Moriuchi told Reuters.
Iran’s mission to the United Nations has denied any involvement in the attacks.
“The Iranian government does not engage in cyber warfare,” said spokesman Alireza Miryousefi. “Cyber activities Iran engages in are purely defensive and to protect against further attacks on Iranian infrastructure.”
A spokesman for Gilead declined requests for comment from Reuters, citing internal policy not to comment on cybersecurity matters. Reuters previously reported efforts linked to Iran to hack World Health Organization (WHO) staff email accounts.
On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), working in conjunction with the U.K. National Cyber Security Centre (NCSC), published a report warning of efforts by hackers targeting “national and international healthcare bodies, pharmaceutical companies, research organizations, and local government with the likely aim of gathering information related to the coronavirus outbreak.”
The reported hacking attempts do appear to highlight a new development in the information battle over the ongoing coronavirus pandemic. A U.S. State Department report previously assessed efforts by Iran, along with China and Russia, to spread similar disinformation narratives about the coronavirus.
While the coronavirus pandemic has affected countries around the world, Iran has been particularly heavily impacted by the virus and has suffered the highest death toll of any Middle Eastern country.
Gilead’s drug Remdesivir has been considered, alongside hydroxychloroquine, as a potential treatment for coronavirus. The U.S. Food and Drug Administration (FDA) recently granted an emergency use authorization for Remdesivir to be used with coronavirus patients. A U.S.-led study found that patients who were given Remdesivir as a treatment recovered in an average of 11 days, as compared to an average of 15 days among those given a placebo.