Oxford University confirms breach of its Covid-19 lab

Although Oxford says no clinical studies were compromised, the attackers are likely to sell the data to nation states

One of Oxford University's laboratories involved in Covid-19 research has fallen victim to a cyber attack.

A spokesperson confirmed the attack to Forbes, revealing that the Division of Structural Biology, known as 'Strubi', had been hit with a cyber attack impacting some systems used to prepare biochemical samples.

The spokesperson added that the problem had been contained and was being investigated by further by cyber security experts. They stressed that no clinical studies were compromised as a result of the breach.

The hack is thought to have occurred in the middle of the month, and the actors behind it are yet to be identified.

The University has informed the National Cyber Security Centre (NCSC) about the incident, and the Agency is investigating. The Information Commissioner's Office (ICO) has also been notified.

The Strubi lab is a world-leading laboratory carrying out research on Covid-19 cells. However, it is not directly involved in the development of Oxford University's Covid-19 vaccine - created by the University's Jenner Institute in collaboration with pharmaceutical giant AstraZeneca.

Scientists at Strubi have been studying the working mechanism and structures of coronavirus cells, trying to find ways to prevent them from causing harm to human body.

Forbes found that some hackers were showing off access to Oxford's computer systems. Screenshots reportedly showed interfaces, with the ability to control the pressure gauges on lab equipment.

Experts said there was possibility that hackers targeted the Oxford lab in an attempt to steal secrets, which they could sell later.

"As the attackers were selling access it suggests it was probably not a nation state but a group who thought nation states or those working on valuable intellectual property might pay for," Professor Alan Woodward, a cyber security expert at the University of Surrey, told Forbes.

The news of Oxford lab hack has come at the time when cyber attacks targeting the healthcare sector are on the rise.

Last year, the US, Canadian and British intelligence agencies warned that hackers had been targeting biomedical research organisations to steal sensitive vaccine information.

The UK government said last summer it was '95 per cent' certain that Russian state-sponsored groups had attempted to hack into the Jenner Institute to steal sensitive information about Covid-19 vaccine.

Commenting on the recent Oxford lab hack, Sam Curry, chief security officer at Cybereason, said: "The reported hacking of an Oxford University biolab by threat actors is another gutless and abhorrent act by cyber criminals.

"Due to the magnitude of the Covid-19 pandemic, and the fact that nearly 3 million people have died from the virus worldwide, I categorise this latest breach as an act of cyber terrorism. In the perfect world, loathsome groups like this would be brought to justice to face severe punishment.

"Unfortunately, we don't live in a perfect world, and cyber gangs will continue to carry out these attacks because time and time again they are successful. Oftentimes, these gangs are working as contractors for nation-states and by gaining access to the proprietary information Oxford's researchers have likely spent months working on, they will see a big payday.'

"The good news is that the security researcher stepped forward to disclose this latest intrusion and that Oxford can simultaneously assess the damage and stop further exfiltration. In the future, collaborative efforts like this will enable cyber defenders to be perched on higher ground than attackers making it much easier to stop future terrorist attempts."