ClearSky CEO Explains How it Foiled Iranian Hack of Gilead
Not always enough. A security guard watches over the Gilead Sciences headquarters in Foster City, California, on April 30. (Josh Edelson/AFP via Getty Images)

ClearSky CEO Explains How it Foiled Iranian Hack of Gilead

Though owner of Remdesivir – a hot drug in the coronavirus age – is safe for now, analysts say Tehran is often capable of obtaining what it wants

The Islamic Republic of Iran has been hit hard by COVID-19. It ranks 10th worldwide in coronavirus cases, at 112,725, with 6,783 fatalities, according to Wednesday’s update from the Johns Hopkins coronavirus tracker.

This might have been the motivation behind a recent Iran-linked cyberattack against the California-based pharmaceutical company Gilead Sciences, Boaz Dolev, CEO and co-founder of the Israeli firm ClearSky Cyber Security, told The Media Line.

ClearSky discovered the hacking attempt, as was first reported by the Reuters news agency on Friday.

Gilead’s experimental drug Remdesivir is being rushed into the supply chain as a potential treatment for COVID-19. On May 1, the US Food and Drug Administration granted it emergency use authorization for treating the disease.

Gilead announced on Tuesday that the company had inked a deal with five generic manufacturers to produce the antiviral drug in 127 countries, excluding the United States.

“They maybe wanted to get information about the new medicine… because they have been infected quite badly, and I’m sure that they want to perhaps develop their own medicine or steal medicine IP [intellectual property] from someone else,” Dolev said, referring to the Iranians.

ClearSky has been monitoring the Iran-based hacking group Charming Kitten for the past four or five years, he noted.

According to Dolev, the Iranian hackers usually focus on obtaining information from academic researchers, but the cybersecurity firm noticed a change in January or early February.

“They might have, I would say, changed their modus operandi, and they were asked to get information about the COVID-19… from wherever they can get information about it,” he stated.

In the attempt on Gilead, the hackers used the World Health Organization as their email “phishing bite,” he noted. A suspicious email addressed to someone at the company was sent to ClearSky for examination, and that is when the hacking attempt was discovered.

The Iranians were impersonating a high-ranking official from the WHO.

Cybersecurity experts say this was a low-grade operation that does not reflect the full capabilities of the Iranian regime.

In emailed comments to The Media Line, Robert Pritchard, founder of The Cyber Security Expert, a consultancy and training firm, called the phishing techniques used by these particular hackers “fairly routine.”

Israeli cybersecurity expert Menny Barzilay adds that the operation was unsophisticated.

“If indeed it was the Iranian government, it was definitely not one of their leading offensive cyber units,” he told The Media Line.

Pritchard, however, warns that Iran’s hacking capabilities should not be underestimated.

“Iran has competent hacking specialists and has proven itself capable of running successful espionage campaigns online, as well as launching disruptive attacks on occasion,” he said.

Analysts say the persistence and patience of Charming Kitten does achieve occasional success.

Trevor Logan, a research analyst at the Foundation for Defense of Democracies’ Cyber-Enabled Economic Warfare (CEEW) project, says there have been reports of Iranian groups using social media to build fake profiles that engage with a circle of other fake profiles to appear legitimate.

“This extra effort is what makes Charming Kitten and other Iranian hacking groups particularly good at getting unsuspecting individuals to hand over their login credentials or download malware,” Logan told The Media Line via email.

Adds Dolev: “If you do enough, many times there is somebody in the end who is opening your letter or sending his credentials. So I would estimate that they succeed in getting information. Not from Gilead, but other targets, I’m quite sure.”

Give the Gift of Truth This Jewish New Year

The Media Line has been leading for more than twenty years in pioneering the American independent news agency in the Middle East, arguably the first in the region. We have always stayed true to our mission: to provide you with contextual sourced and trustworthy news. In an age of fake news masquerading as journalism, The Media Line plays a crucial role in providing fact-based news that deserves your support.

We're proud of the dozens of young students we've trained in our Press and Policy Student Program who will form the vanguard of the next generation of journalists to the benefit of countless millions of news readers.

Non-profit news needs public support. please help us with your generous contributions.
The Media Line
We thank our loyal readers and wish you all the happiest of holidays.

Invest in the
Trusted Mideast
News source.
We are on the
front lines.

Personalize Your News
Upgrade your experience by choosing the categories that matter most to you.
Click on the icon to add the category to your Personalize news
Browse Categories and Topics
Wake up to the Trusted Mideast News source Mideast Daily News Email
By subscribing, you agree to The Media Line terms of use and privacy policy.
Wake up to the Trusted Mideast News source Mideast Daily News Email
By subscribing, you agree to The Media Line terms of use and privacy policy.