UPDATE 1-Czechs warn of imminent, large-scale cyberattacks on hospitals

(Recasts with new details on attacks and warning)

PRAGUE/WASHINGTON/LONDON, April 16 (Reuters) - The Czech Republic warned international allies on Thursday of a imminent wave of disruptive cyberattacks against the country’s hospitals and other parts of its critical infrastructure.

The country’s NUKIB cybersecurity watchdog said the attacks, designed to damage or destroy victims’ computers, were expected in coming days. Two officials with knowledge of the matter said they could begin as soon as Friday.

“The information we have available has led us to a reasonable fear of a real threat of serious cyberattacks on major targets in the Czech Republic, especially on healthcare systems,” said NUKIB Director Karel Rehka.

The warning comes as hackers ranging from cyber criminals to government-backed spies are targeting businesses, governments and healthcare organisations with attempts to steal sensitive information about the new coronavirus outbreak.

A Czech official, speaking on condition of anonymity due to the sensitivity of the matter, said it was not clear who was responsible for the activity identified by NUKIB but it was thought to be the work of a “serious and advanced adversary.”

A technical note posted on the NUKIB website gave further details about the attacks, including samples of the code used by the hackers.

Two researchers who reviewed the samples for Reuters said the attacks used coronavirus-themed malware which would physically damage or destroy a victim’s computer by corrupting its master boot record.

Blake Darche, co-founder of U.S. cybersecurity firm Area 1 Security, said the virus was not technically sophisticated but added: “That doesn’t mean it won’t be impactful in causing the destruction of Windows computers.”

Unlike traditional cyber intrusions which focus on stealing information, destructive cyberattacks can cause catastrophic damage by disabling hundreds or thousands of computers.

Such attacks are rare but have previously knocked out companies, paralysed government agencies, and — in the case of a 2017 attack centred on Ukraine — hobbled an entire country.

NUKIB said a “preparatory phase” of the attacks was already underway, with the attackers using malicious emails to target operators of critical infrastructure.

A second Czech official said the so-called “spear phishing” campaign had been ongoing for weeks and specifically targeted Czech healthcare institutions.

“This is not spray-and-pray COVID malware stuff,” the official said, referring to recent attempts by some cyber criminals to exploit the coronavirus outbreak.

NUKIB’s warning means the country’s critical infrastructure operators were obliged to address the threats and take action.

Czech Health Minister Adam Vojtech told senators on Thursday that hackers had tried attacks on several hospitals and the ministry but had been detected. He added the intensity of attacks would likely grow, according to CTK news agency. (Reporting by Jason Hovet in Prague, Christopher Bing in Washington and Jack Stubbs in London; Additional reporting by Raphael Satter in Washington; Writing by Jack Stubbs; Editing by Lisa Shumaker and Lincoln Feast.)