Hackers have been aggressively and successfully targeting universities engaged in novel coronavirus (COVID-19) research, recent reports show.

The rash of cyberattacks is the latest example of the willingness of cybercriminals and bad actors to target governments and public institutions as they work to contain the ongoing pandemic. 

The most recent victim, the University of California at San Francisco, discovered evidence of intrusion into its networks early last week, a representative of the school confirmed. UCSF, which has been conducting important virus research including antibody testing, may have had its data stolen, according to Bloomberg News.  

“We have engaged an IT security firm and have reached out to law enforcement,” reads a statement provided to Government Technology by the institution. “With their assistance, we are conducting a thorough assessment of the incident, including a determination of what, if any, information may have been compromised. In order to preserve the integrity of the investigation, we will need to limit what we can share at this time.”

Also on the list of most recent targets have been Michigan State University and apparently Columbia College of Chicago, both of which are conducting similar coronavirus research.

The group believed to be responsible is known as Netwalker, and it’s been known to target health-care organizations and to steal unencrypted data before encrypting it. Netwalker first emerged in the middle of last year and specifically targets enterprise networks. In each of the recent cases involving universities, the group has already posted a limited amount of data to its dark web leak site to support its claims, said Brett Callow, threat analyst with Emsisoft.

“Like multiple other groups, the operators of NetWalker have launched a name-and-shame leak site and use the threat of publishing exfiltrated data as additional leverage to extort payment,” Callow explained.

At this point, he said, there is no evidence to suggest that the groups are anything other than for-profit criminals primarily interested in extorting ransoms.

“That said, the fact the group has hit three universities in quick succession is certainly interesting and raises the question of whether the universities may have been specifically targeted for a particular reason,” Callow said. “Data is a valuable commodity and, at this point in time, COVID-19 research is a particularly valuable commodity.”

This article was originally published by Government Technology magazine, Techwire's sister publication.