After China’s cancer rate surged in recent years, Chinese authorities went looking for an answer to the problem. They appear to have found a useful tool in the country’s cyber capabilities.
Over the last two years, Chinese government-linked hackers have targeted organizations involved in cancer research on multiple occasions, cybersecurity company FireEye said in a report published Wednesday. In at least one case, more than one group has gone after the same organization — evidence of a relentless pursuit of research data.
“It makes sense when you look at the larger context that China’s operating in,” said Luke McNamara, principal analyst at FireEye, referring to the cancer scourge in China and the resulting social costs.
In one incident in April, Chinese hackers targeted a U.S.-based cancer research organization with a malware-laced document referencing a conference the organization hosted. A year earlier, the newly-named Chinese hacking outfit APT41 spearphished employees of the same entity.
The hunt for cancer research appears to have gone beyond American organizations. In late 2017, APT10 — which U.S. officials have tied to China’s civilian intelligence agency — went on an expedition against health care organizations in Japan with documents related to cancer research conferences, according to FireEye.
Cancer research is but one segment of the medical sector allegedly pursued by these groups. Device manufacturers and other intellectual property-rich vendors have also found themselves in the crosshairs.
“Targeting medical research and data from studies may enable Chinese corporations to bring new drugs to market faster than Western competitors,” the FireEye report says.
The Chinese Embassy in Washington did not immediately respond to a request for comment. China has denied allegations that it uses hacking to advance its economic goals.
China is the most notable sponsor of health care-focused espionage named in the FireEye report, but not the only one.
A handful of other examples include Russian military hackers’ attacks on anti-doping agencies, which resulted in an indictment by the U.S. Department of Justice last year, and Vietnam’s APT32 going after a British health care organization.
A trove of health data for spying
Hackers have demonstrated an interest in collecting health records in bulk in recent years. The data is coveted by spies because it can be used to build a profile of foreign officials’ frailties, for example. Two of the more prominent breaches of insurance and health care organizations allegedly involve Chinese hackers.
In May, U.S. prosecutors unsealed an indictment of a Chinese national related to the 2015 hack of health insurer Anthem that exposed personal information on nearly 79 million people.
In July 2018, Singapore announced that hackers had accessed the personal information of 1.5 million patients of the country’s health care system in what authorities labeled a foreign government operation.
In its report Wednesday, FireEye said the Singapore breach bore the fingerprints of a Chinese espionage group that has attacked media, government, and transportation organizations in Southeast Asia, among others.