North Korean hackers pose as recruiters on LinkedIn and WhatsApp, to send job offer documents laden with malware to AstraZeneca staff
The criminal activities of alleged nation-state hackers has been laid bare, after it was reported that North Korea attempted to hack vaccine maker AstraZeneca.
AstraZeneca has teamed up with Oxford University, and is rushing to mass produce one of three promising vaccines to help combat the global Coronavirus pandemic.
Covid-19 has as of 27 November 2020, infected more than 61 million around the world and killed 1.43 million people. There is no data as to how bad Coronavirus is in North Korea, due to the secretive nature of that regime.
North Korean hackers
Hackers have attempted to breach the cyber defences of vaccine makers this year, UK and US officials have previously warned.
But now two people with knowledge of the matter told Reuters that suspected North Korean hackers tried in recent weeks to break into the systems of British drugmaker AstraZeneca.
The sources told Reuters that the hackers posed as recruiters on networking site LinkedIn and WhatsApp to approach AstraZeneca staff with fake job offers.
They then sent documents purporting to be job descriptions that were laced with malicious code designed to gain access to a victim’s computer.
The hacking attempts reportedly targeted a “broad set of people” including staff working on Covid-19 research, said one of the sources, but are not thought to have been successful.
The North Korean mission to the United Nations in Geneva did not respond to a request for comment.
AstraZeneca declined to comment.
The sources, who spoke on condition of anonymity, told Reuters that the tools and techniques used in the attacks showed they were part of an ongoing hacking campaign that US officials and cybersecurity researchers have attributed to North Korea.
The campaign has previously focused on defence companies and media organisations, but pivoted to Covid-related targets in recent weeks, according to three people who have investigated the attacks.
Cyberattacks against vaccine specialists, healthcare, and drugmakers have risen during the Covid-19 pandemic, as state-backed and criminal hacking groups sought to obtain vital data from rival nations.
In July for example, the US Department of Justice (DoJ) issued formal charges against two Chinese nationals, accused of stealing hundreds of millions of dollars’ worth of trade secrets and intellectual property.
The two Chinese nationals were also accused of targeting researchers developing a vaccine for the coronavirus.
Earlier in July, both UK and US intelligence agencies warned that Russian hacking group APT29 (also known as Cozy Bear) was actively targeting researchers developing a Covid-19 vaccine.
Stolen vaccine data can be sold for a healthy profit, western officials have warned, or used to extort vaccine makers, or provide valuable intelligence for foreign governments.
Reuters pointed out that Microsoft had said this month it had seen two North Korean hacking groups target vaccine developers in multiple countries, including by “sending messages with fabricated job descriptions.”
Microsoft did not name any of the targeted organisations.
South Korean lawmakers also reportedly said on Friday that the country’s intelligence agency had foiled some of those attempts.