President of the European Commission Ursula von der Leyen had directly accused China of carrying out cyber attacks against hospitals in Europe, stating that such attacks “cannot be tolerated.”
The comments were made by Ursula von der Leyen during the virtual EU-China Summit on Monday that saw participation from Chinese president Xi Jinping, Chinese Prime Minister Li Keqiang, as well as Charles Michel, the president of the European Commission.
“We have seen cyberattacks on hospitals and dedicated computing centers. Likewise, we’ve seen a rise in online disinformation, and we pointed out clearly that this cannot be tolerated,” she told reporters. She also termed the European Union's relation with China as both strategically important and challenging.
von der Leyen's comments comes not long after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) said they were investigating "the targeting and compromise of U.S. organizations conducting COVID-19-related research by PRC-affiliated cyber actors and non-traditional collectors".
The main motive driving the hacking campaign is to illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research.
The agencies warned that the potential theft of COVID-19-related research data and public health data could jeopardise the delivery of secure, effective, and efficient treatment options. Therefore, organisations conducting COVID-19-related research have been advised to maintain dedicated cyber security and insider threat practices to prevent surreptitious review or theft of research data.
In May, the UK's National Cyber Security Centre and the U.S. Department of Homeland Security also issued a joint advisory, warning organisations about ongoing activity by APT groups to target organisations involved in both national and international COVID-19 responses, such as healthcare bodies, pharmaceutical companies, and medical research organisations.
In the same month, Fresenius Group, Europe's largest private hospital operator, suffered a major ransomware attack that affected the company's global operations. Security researcher Brian Krebs revealed that the malware used in the operation was the dreaded Snake ransomware.