
Cybersecurity · Credibility 40/100 · 3 min read

Cybersecurity Briefing — APTs target COVID-19 research programs

CISA and the UK NCSC report password spraying and scanning campaigns against healthcare, pharma, and research organizations tied to COVID-19 work, emphasizing MFA, VPN patching, and incident readiness.

Executive briefing: Alert AA20-126A details how APT groups are hammering vaccine and therapeutic supply chains through password spraying, VPN exploitation, and supplier reconnaissance. Security leaders supporting labs, universities, and pharmaceutical manufacturing need to elevate credential hygiene, credential reset plans, and supplier monitoring.

Program moves

  • Segment research identities. Put privileged laboratory, SCADA, and cloud research accounts behind hardware-backed MFA and in dedicated directories to frustrate mass password spraying.
  • Patch remote gateways. Re-verify Citrix ADC, Pulse Secure, Fortinet, and Palo Alto VPN patches and disable unneeded portals referenced in the alert.
  • Supply-chain attestations. Ask CROs, universities, and manufacturing partners for written assurance covering password policies, access monitoring, and logging controls highlighted by CISA.
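
Detection logic for the password-spraying pattern named in the first move, added here as an example and not taken from AA20-126A or this briefing's sources: it flags a source that fails against many accounts with few tries per account, and lists targeted accounts that also logged in from that source as credential-reset candidates. The log format, thresholds, function names, and sample lines are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log: timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2020-05-05T09:00:01 203.0.113.7 alice FAIL
2020-05-05T09:01:12 203.0.113.7 bob FAIL
2020-05-05T09:02:30 203.0.113.7 carol FAIL
2020-05-05T09:02:41 192.0.2.10 alice FAIL
2020-05-05T09:02:55 192.0.2.10 alice OK
2020-05-05T09:03:47 203.0.113.7 dave FAIL
2020-05-05T09:05:03 203.0.113.7 erin FAIL
2020-05-05T09:06:19 203.0.113.7 frank FAIL
2020-05-05T09:07:00 198.51.100.9 svc-lab FAIL
2020-05-05T09:07:02 198.51.100.9 svc-lab FAIL
2020-05-05T09:07:04 198.51.100.9 svc-lab FAIL
2020-05-05T09:41:30 203.0.113.7 erin OK
"""

def parse(log_text):
    """Yield (timestamp, source_ip, user, outcome) tuples from the log text."""
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, outcome = line.split()
            yield datetime.fromisoformat(ts), ip, user, outcome

def detect_spraying(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Flag sources that fail against many accounts with few tries per account."""
    events = sorted(events)
    failures = defaultdict(list)
    for ts, ip, user, outcome in events:
        if outcome == "FAIL":
            failures[ip].append((ts, user))
    findings = {}
    for ip, fails in failures.items():
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # slide the window forward
            per_user = Counter(user for _, user in fails[start:end + 1])
            # Many users, few tries each: spraying, not single-account brute force.
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                hit = findings.setdefault(ip, {"targets": set(), "succeeded": set()})
                hit["targets"].update(per_user)
    # A success from a spraying source on a targeted account is a reset candidate.
    for ts, ip, user, outcome in events:
        if outcome == "OK" and ip in findings and user in findings[ip]["targets"]:
            findings[ip]["succeeded"].add(user)
    return findings
```

On the constructed sample, the single-account failures from 198.51.100.9 and the one mistyped password from 192.0.2.10 are not flagged; only the source that walked across six accounts is.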

Source excerpts

Primary — Target set: “APT actors are actively targeting organizations involved in both national and international COVID-19 responses. These organizations include healthcare bodies, pharmaceutical companies, academia, medical research organizations, and local governments.”

CISA AA20-126A

Primary — Password spraying risk: “CISA and NCSC are actively investigating large-scale password spraying campaigns… Actors are using this type of attack to target healthcare entities… as well as international healthcare organizations.”

CISA AA20-126A
  • AA20-126A
  • Password spraying
  • COVID-19 research