Categories: SecurityWorkspace

Microsoft Warns Of Russia, North Korea Attacks On Vaccine Research

Microsoft said it has detected attacks by state-backed hackers from North Korea and Russia on coronavirus vaccine efforts in a number of countries, including a number of major pharmaceuticals companies.

The company’s findings, which are based on data from its security services, follow warnings earlier this year from cyber-security authorities that hackers were targeting vaccine research.

Microsoft said it had uncovered campaigns from three distinct hacking groups, one from Russia and two from North Korea.

The attackers targeted seven pharmaceuticals companies involved in coronavirus vaccine research, and also singled out individual researchers in Canada, France, India, South Korea and the United States.

Image credit: World Health Organisation

Credential theft

The attacks on individual researchers were aimed at obtaining login credentials that could be used to access corporate files, Microsoft said.

The company said the attacks are ongoing.

The first group, known as Strontium or Fancy Bear, is best known for creating disruption during the 2016 US presidential campaign by stealing files from the Democratic National Committee.

The group, said to be backed by the Russian government, is carrying out login attacks using brute-force and “password spray” techniques.

These methods use large numbers of repeated login attempts and can make use of credentials that may have been reused elsewhere.

A second group, known as Zinc or Lazarus Group, is thought to be affiliated with the North Korean government and has been accused of launching a high-profile attack on Sony Pictures in 2014, the 2017 WannaCry malware attack and the theft of $81 million (£61.5m) from the national bank of Bangladesh, among other high-profile incidents.

Lazarus Group has mainly employed spear phishing attacks, sending malicious messages that pose as recruitment offers and attempt to steal login data, Microsoft said.

Healthcare risk

A third North Korean group, which Microsoft refers to as Cerium, has also carried out targeted phishing attacks posing as messages from the World Health Organisation.

Microsoft said most of the attacks had been blocked, but acknowledged that some had been successful.

In July the UK’s NCSC cyber-security agency said that Russian hackers were targeting vaccine research, including efforts being carried out in Oxford.

At the time Russia denied carrying out such attacks, and the Russian embassy to the US told Reuters it had nothing to add.

North Korea’s representative to the United Nations has not yet responded to messages requesting comment.

Microsoft called on governments not to target healthcare organisations.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Twitter Confirms ‘Super Follow’ Option, For Paid Content

Money maker. Super follow feature coming soon on Twitter, will allow users to receive tips…

11 hours ago

Windows 10 ‘Sun Valley’ Promises Major Overhaul

OS refresh. Major update to six year old Windows 10 operating system, dubbed Sun Valley,…

15 hours ago

Oxford University Confirms Hack Of Biology Lab Studying Covid-19

NCSC investigates after hackers compromised one of the world’s top biology labs at Oxford University,…

17 hours ago

Consumer Group Which? Targets Qualcomm In Legal Action

Legal action against Qualcomm could result in 29 million UK 4G smartphone owners being entitled…

1 day ago

Google To Change Review Process Of Scientist Work

Executives at troubled Google AI research unit say they are working to retain trust, after…

1 day ago

NHS Challenged Over Data Contract With Palantir

Contract between NHS and data mining firm Palantir now at centre of lawsuit filed by…

2 days ago