ClearSky CEO Explains How it Foiled Iranian Hack of Gilead
Though owner of Remdesivir – a hot drug in the coronavirus age – is safe for now, analysts say Tehran is often capable of obtaining what it wants
The Islamic Republic of Iran has been hit hard by COVID-19. It ranks 10th worldwide in coronavirus cases, at 112,725, with 6,783 fatalities, according to Wednesday’s update from the Johns Hopkins coronavirus tracker.
This might have been the motivation behind a recent Iran-linked cyberattack against the California-based pharmaceutical company Gilead Sciences, Boaz Dolev, CEO and co-founder of the Israeli firm ClearSky Cyber Security, told The Media Line.
ClearSky discovered the hacking attempt, as was first reported by the Reuters news agency on Friday.
Gilead’s experimental drug Remdesivir is being rushed into the supply chain as a potential treatment for COVID-19. On May 1, the US Food and Drug Administration granted it emergency use authorization for treating the disease.
Gilead announced on Tuesday that the company had inked a deal with five generic manufacturers to produce the antiviral drug in 127 countries, excluding the United States.
“They maybe wanted to get information about the new medicine… because they have been infected quite badly, and I’m sure that they want to perhaps develop their own medicine or steal medicine IP [intellectual property] from someone else,” Dolev said, referring to the Iranians.
ClearSky has been monitoring the Iran-based hacking group Charming Kitten for the past four or five years, he noted.
According to Dolev, the Iranian hackers usually focus on obtaining information from academic researchers, but the cybersecurity firm noticed a change in January or early February.
“They might have, I would say, changed their modus operandi, and they were asked to get information about the COVID-19… from wherever they can get information about it,” he stated.
In the attempt on Gilead, the hackers used the World Health Organization as their email “phishing bite,” he noted. A suspicious email addressed to someone at the company was sent to ClearSky for examination, and that is when the hacking attempt was discovered.
The Iranians were impersonating a high-ranking official from the WHO.
Cybersecurity experts say this was a low-grade operation that does not reflect the full capabilities of the Iranian regime.
In emailed comments to The Media Line, Robert Pritchard, founder of The Cyber Security Expert, a consultancy and training firm, called the phishing techniques used by these particular hackers “fairly routine.”
Israeli cybersecurity expert Menny Barzilay adds that the operation was unsophisticated.
“If indeed it was the Iranian government, it was definitely not one of their leading offensive cyber units,” he told The Media Line.
Pritchard, however, warns that Iran’s hacking capabilities should not be underestimated.
“Iran has competent hacking specialists and has proven itself capable of running successful espionage campaigns online, as well as launching disruptive attacks on occasion,” he said.
Analysts say the persistence and patience of Charming Kitten do achieve occasional success.
Trevor Logan, a research analyst at the Foundation for Defense of Democracies’ Cyber-Enabled Economic Warfare (CEEW) project, says there have been reports of Iranian groups using social media to build fake profiles that engage with a circle of other fake profiles to appear legitimate.
“This extra effort is what makes Charming Kitten and other Iranian hacking groups particularly good at getting unsuspecting individuals to hand over their login credentials or download malware,” Logan told The Media Line via email.
Adds Dolev: “If you do enough, many times there is somebody in the end who is opening your letter or sending his credentials. So I would estimate that they succeed in getting information. Not from Gilead, but other targets, I’m quite sure.”