Cyber Incident Victim: Moderna

Date: Jan 2020

Location: United States of America

Summary

Chinese government-linked hackers targeted a U.S.-based COVID-19 vaccine developer in an attempted data theft operation, conducting reconnaissance activities against the company's networks. The U.S. Justice Department indicted two Chinese nationals acting as contractors for China's Ministry of State Security, alleging a decade-long hacking campaign that included targeting multiple medical research firms working on pandemic responses. The victim company confirmed collaborating with FBI investigators regarding these suspected activities while maintaining enhanced cybersecurity measures. Chinese authorities denied involvement, dismissing the allegations as baseless and asserting their own leading position in vaccine development. The incident reflects broader cyber espionage patterns against biopharmaceutical entities engaged in coronavirus-related research.

CIA Posture: Available to members
Motives: 1 motive
Tactics, Techniques & Procedures: 2 techniques
Threat Actors: 2 actors
Type: Available to members
Location: Available to members

Description

In early 2020, Chinese government-linked hackers targeted Moderna Inc., a Massachusetts-based biotechnology company developing one of the earliest COVID-19 vaccine candidates. According to a U.S. security official and a July 7, 2020 Justice Department indictment, hackers Li Xiaoyu and Dong Jiazhi conducted reconnaissance activities against Moderna’s computer networks in January 2020, coinciding with the company’s public announcement of its mRNA vaccine candidate. The hackers, described as contractors for China’s Ministry of State Security, engaged in information reconnaissance—a process cybersecurity experts define as probing networks for vulnerabilities or scouting critical accounts. Moderna confirmed it had been alerted to these activities by the FBI and maintained contact with law enforcement. The company stated it employed an internal cybersecurity team, external support services, and collaborations with authorities to monitor threats, though it declined to disclose specific defensive measures. The incident occurred while Moderna was receiving approximately $500 million in U.S. federal funding for vaccine development and preparing for large-scale clinical trials.

The U.S. Justice Department indictment revealed the hackers targeted two additional unnamed U.S. medical research firms: a California-based company engaged in antiviral drug research (matching Gilead Sciences’ profile) and a Maryland-based vaccine developer (consistent with Novavax’s public announcements). Neither company confirmed being compromised, though Novavax acknowledged its cybersecurity team was monitoring foreign threats. Chinese Foreign Ministry spokesman Wang Wenbin categorically denied the allegations, calling them “baseless” and asserting China’s leading vaccine development status made theft unnecessary. The indictment detailed a decade-long hacking campaign by Li and Dong, with their COVID-19 targeting aligning with broader U.S. government assessments of Chinese state-affiliated groups aggressively pursuing pandemic-related intellectual property. Moderna’s vaccine data remained protected, with no evidence of exfiltration disclosed. The U.S. government did not publicly attribute the campaign to specific Chinese agencies beyond identifying the hackers as Ministry of State Security contractors.
