According to the intelligence group, the hackers targeted the institute in Wuhan - the city where the coronavirus outbreak began - as well as the World Health Organization (WHO).
In a April 23 news release, the WHO confirmed that “some 450 active WHO email addresses and passwords were leaked online along with thousands belonging to others working on the novel coronavirus response.”
“Since the start of the COVID-19 pandemic, WHO has seen a dramatic increase in the number of cyber attacks directed at its staff, and email scams targeting the public at large … Scammers impersonating WHO in emails have also increasingly targeted the general public in order to channel donations to a fictitious fund and not the authentic COVID-19 Solidary Response Fund. The number of cyber attacks is now more than five times the number directed at the Organization in the same period last year,” the WHO release added.
However, the WHO also noted that the leaked credentials did not impact its current systems but rather an older extranet system. Other victims of the leak include the Bill and Melinda Gates Foundation, the US Centers for Disease Control and Prevention, the World Bank and the US National Institutes of Health.
Although it’s not clear who’s behind the cyberattacks, SITE suggests that the hackers were trying to retrieve sensitive information regarding COVID-19 - perhaps related to conspiracy theories surrounding the pandemic.
There are some theories that the coronavirus was manufactured by the Wuhan Virology Institute as part of a Chinese bioweapons research program. However, experts have repeatedly stated that this theory is highly unlikely, with the WHO saying on April 21 that the virus’s genetic material points to an animal origin and not to laboratory production.
Last week, the US FBI also said it had some evidence of foreign, state-sponsored hackers targeting American institutions researching the coronavirus, potentially to access information regarding vaccines. However, the FBI did not identify the hackers or the states allegedly backing them, nor did it name any of the targets.
“The only thing that matters to [the far-right community] is that the data is available to use towards their own purposes – in this case being the spread of conspiracy theories about the ‘lab-made’ origins of the coronavirus, among other ideas,” Rita Katz, executive director of SITE, is quoted as saying by the South China Morning Post.
US cybersecurity firm FireEye also said Wednesday that in another attack, Vietnam-backed hackers tried to access the email accounts of Wuhan government staff and members of China’s Ministry of Emergency Management. However, Hanoi’s Foreign Affairs Ministry on Thursday said that the FireEye report was “baseless.”