EU Commission President Ursula von der Leyen has suggested that China may have been behind a spate of cyberattacks against hospitals in Europe during the coronavirus outbreak, stressing that the EU will not “tolerate” such malicious activity.
The accusations were levelled at the conclusion of an EU-China summit on Monday (22 June), which brought together von der Leyen and Council President Charles Michel with Chinese counterparts Premier Li Keqiang and President Xi Jinping for talks via videoconference.
“We have seen cyber attacks on hospitals and dedicated computing centres,” von der Leyen said, adding that she “pointed out” to Premier Li and President Xi that such attacks along with China’s disinformation campaign in Europe “cannot be tolerated.”
Days ago, China was widely reported to be the perpetrator of cyberattacks on Australia’s government and institutions. “A state-based actor with significant capabilities” had launched attacks on “essential service providers and operators of other critical infrastructure,” Prime Minister Scott Morrison said at the end of last week.
NATO & EU warning
At the beginning of June, members of the NATO alliance released a statement condemning “destabilising and malicious cyber activities directed against those whose work is critical to the response against the pandemic, including healthcare services, hospitals and research institutes.”
The comments from the Alliance came after an April statement from the Commission’s foreign affairs chief Josep Borrell, who said “malicious cyber activities” had been recorded across Europe’s healthcare sector, including phishing and malware distribution campaigns, scanning activities and distributed denial-of-service (DDoS) attacks.
Neither the Commission nor NATO however identified the victim nor the perpetrator of the attacks at the time.
A week before Borrell’s statement was issued, EURACTIV journalists in Prague reported that authorities in the Czech Republic had registered attacks on critical national infrastructures in the country, with the National Cyber and Information Security Authority (NÚKIB) issuing a cybersecurity warning.
The authority stated that crucial Czech communication and information systems across medical facilities had been exposed to large-scale cyberattacks attacks.
The attacks had been unsuccessful however, said Health Minister Adam Vojtěch. After the news broke, Czech media had widely levelled accusations against Russia, whose embassy in Prague reacted by calling the allegations “fake news”.
US Secretary of State Mike Pompeo had even entered the debate on cyberattacks against Czech hospitals, but refrained from calling out any particular state actor.
“We call upon the actor in question to refrain from carrying out disruptive malicious cyber activity against the Czech Republic’s healthcare system or similar infrastructure elsewhere,” he said.
Elsewhere, the World Health Organisation had also been subjected to an attempted infiltration from “elite hackers” it was revealed in late March, and the month also saw a failed cyber attack levelled at Paris’ AP-HP hospital, according to Bloomberg.
Health authorities in Spain have also been targeted by cyberattacks, as well as a UK coronavirus medical research company.
In addition, reports from EURACTIV Slovakia early on in the outbreak revealed that cybersecurity experts in the country had been alerted to a spate of cybercriminal activity related to the coronavirus, including phishing emails, trojans and spam.
As well as accusations against China’s cyberattacks in Europe, von der Leyen also drew attention to the country’s campaign of disinformation on the bloc during the coronavirus pandemic.
“The European Union is very active on dismantling disinformation. So by doing so, you go to the source and you have an idea where this information comes from,” she said, adding that such activities make the relationship between the EU and China “not an easy one.”
In mid-June, the Commission pointed the finger at China for its efforts in spreading disinformation related to the coronavirus outbreak in Europe, with the publication of a communication entitled ‘Tackling COVID-19 disinformation’.
“Foreign actors and certain third countries, in particular Russia and China, have engaged in targeted influence operations and disinformation campaigns around COVID-19 in the EU, its neighbourhood and globally, seeking to undermine democratic debate and exacerbate social polarisation, and improve their own image in the COVID-19 context,” the communication stated.
Ahead of the announcement, Commission Vice-President Věra Jourová had expressed her approval of the executive finally naming China as a propagator of disinformation in Europe, after the executive had allegedly backtracked on naming and shaming the country in the past.
“We have, for the first time, decided to name China in our report. I’m glad we did this because if we have evidence we must say it,” she said. “It’s time to tell the truth.”
(Edited by Frédéric Simon)