
Microsoft Warns Of Russia, North Korea Attacks On Vaccine Research

Microsoft said it has detected attacks by state-backed hackers from North Korea and Russia on coronavirus vaccine efforts in a number of countries, with targets including a number of major pharmaceutical companies.

The company’s findings, which are based on data from its security services, follow warnings earlier this year from cyber-security authorities that hackers were targeting vaccine research.

Microsoft said it had uncovered campaigns from three distinct hacking groups, one from Russia and two from North Korea.

The attackers targeted seven pharmaceutical companies involved in coronavirus vaccine research, and also singled out individual researchers in Canada, France, India, South Korea and the United States.


Credential theft

The attacks on individual researchers were aimed at obtaining login credentials that could be used to access corporate files, Microsoft said.

The company said the attacks are ongoing.

The first group, known as Strontium or Fancy Bear, is best known for creating disruption during the 2016 US presidential campaign by stealing files from the Democratic National Committee.

The group, said to be backed by the Russian government, is carrying out login attacks using brute-force and “password spray” techniques.

These methods use large numbers of repeated login attempts and can make use of credentials that may have been reused elsewhere.

A second group, known as Zinc or Lazarus Group, is thought to be affiliated with the North Korean government and has been accused of launching a high-profile attack on Sony Pictures in 2014, the 2017 WannaCry malware attack and the theft of $81 million (£61.5m) from the national bank of Bangladesh, among other high-profile incidents.

Lazarus Group has mainly employed spear phishing attacks, sending malicious messages that pose as recruitment offers and attempt to steal login data, Microsoft said.

Healthcare risk

The third group, also North Korean, which Microsoft refers to as Cerium, has carried out targeted phishing attacks posing as messages from the World Health Organisation.

Microsoft said most of the attacks had been blocked, but acknowledged that some had been successful.

In July the UK’s NCSC cyber-security agency said that Russian hackers were targeting vaccine research, including efforts being carried out in Oxford.

At the time Russia denied carrying out such attacks, and the Russian embassy to the US told Reuters it had nothing to add.

North Korea’s representative to the United Nations has not yet responded to messages requesting comment.

Microsoft called on governments not to target healthcare organisations.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications
