A report by The Telegraph reveals that an Oxford University biology laboratory researching COVID-19 has been hacked by a cyber gang in mid-February due to fears that the lab was attempting to sell information about the virus to the highest bidder.
According to the outlet, the hack occurred at the University of Oxford’s Division of Structural Biology, also known as Strubi.
The Strubi lab is unrelated to the Jenner Institute, which developed a COVID-19 vaccine with pharmaceutical giant AstraZeneca.
The hack is currently investigated by the National Cyber Security Centre (NCSC) as it attempts to “fully understand its impact.” As of now, security sources are unclear who was responsible for the attack and could not rule out the involvement of a hostile foreign state. The NCSC also noted that the cyber attack had “no impact on any clinical research.”
The lab studies the protein structures of COVID-19. Screenshots of the hackers’ access to the lab’s computer systems showed interfaces for what appear to be potential lab equipment used to purify and prepare biochemical samples, like proteins, The Telegraph reported.
In a statement to The Telegraph, Oxford University confirmed that Strubi had been hacked.
“We have identified and contained the problem and are now investigating further. There has been no impact on any clinical research, as this is not conducted in the affected area. As is standard with such incidents, we have notified the National Cyber Security Centre and are working with them,” an unidentified spokesperson noted. “With news about cybercriminals tampering with water purity controls, other attacks against energy companies—this type of data in the hands of cybercriminals draws many concerns,” the spokesperson also noted in a statement to Forbes.
This is not the first time that hackers have been accused of targeting COVID-19 research.
In November, Microsoft accused state actors from Russia and North Korea of targeting pharmaceutical companies and researchers working on vaccines and treatments for COVID-19.
In a blog post at the time, Microsoft accused attackers of targeting “leading pharmaceutical companies and vaccine researchers” in Canada, France, India, South Korea and the United States.