Microsoft said it has detected attacks by state-backed hackers from North Korea and Russia on coronavirus vaccine efforts in a number of countries, including a number of major pharmaceuticals companies.
The company’s findings, which are based on data from its security services, follow warnings earlier this year from cyber-security authorities that hackers were targeting vaccine research.
Microsoft said it had uncovered campaigns from three distinct hacking groups, one from Russia and two from North Korea.
The attackers targeted seven pharmaceuticals companies involved in coronavirus vaccine research, and also singled out individual researchers in Canada, France, India, South Korea and the United States.
The attacks on individual researchers were aimed at obtaining login credentials that could be used to access corporate files, Microsoft said.
The company said the attacks are ongoing.
The first group, known as Strontium or Fancy Bear, is best known for creating disruption during the 2016 US presidential campaign by stealing files from the Democratic National Committee.
The group, said to be backed by the Russian government, is carrying out login attacks using brute-force and “password spray” techniques.
These methods use large numbers of repeated login attempts and can make use of credentials that may have been reused elsewhere.
A second group, known as Zinc or Lazarus Group, is thought to be affiliated with the North Korean government and has been accused of launching a high-profile attack on Sony Pictures in 2014, the 2017 WannaCry malware attack and the theft of $81 million (£61.5m) from the national bank of Bangladesh, among other high-profile incidents.
Lazarus Group has mainly employed spear phishing attacks, sending malicious messages that pose as recruitment offers and attempt to steal login data, Microsoft said.
A third North Korean group, which Microsoft refers to as Cerium, has also carried out targeted phishing attacks posing as messages from the World Health Organisation.
Microsoft said most of the attacks had been blocked, but acknowledged that some had been successful.
In July the UK’s NCSC cyber-security agency said that Russian hackers were targeting vaccine research, including efforts being carried out in Oxford.
At the time Russia denied carrying out such attacks, and the Russian embassy to the US told Reuters it had nothing to add.
North Korea’s representative to the United Nations has not yet responded to messages requesting comment.
Microsoft called on governments not to target healthcare organisations.
Industry supply chain analyst says Apple cut orders for the iPhone 16 for Q4 2024…
Heavy fine for LinkedIn, after Irish data protection watchdog cites GDPR violations with people's personal…
UK competition regulator begins phase one investigation into Alphabet's partnership with AI startup Anthropic
After alerting the US of an attempt to circumvent US export controls, TSMC halts chip…
Fresh win for Intel after Europe top court upholds annulment of billion-euro antitrust fine imposed…
News Corp surprises Perplexity, after the media group sued the AI search engine for allegedly…