Categories: SecurityWorkspace

Microsoft Warns Of Russia, North Korea Attacks On Vaccine Research

Microsoft said it has detected attacks by state-backed hackers from North Korea and Russia on coronavirus vaccine efforts in a number of countries, including a number of major pharmaceuticals companies.

The company’s findings, which are based on data from its security services, follow warnings earlier this year from cyber-security authorities that hackers were targeting vaccine research.

Microsoft said it had uncovered campaigns from three distinct hacking groups, one from Russia and two from North Korea.

The attackers targeted seven pharmaceuticals companies involved in coronavirus vaccine research, and also singled out individual researchers in Canada, France, India, South Korea and the United States.

Image credit: World Health Organisation

Credential theft

The attacks on individual researchers were aimed at obtaining login credentials that could be used to access corporate files, Microsoft said.

The company said the attacks are ongoing.

The first group, known as Strontium or Fancy Bear, is best known for creating disruption during the 2016 US presidential campaign by stealing files from the Democratic National Committee.

The group, said to be backed by the Russian government, is carrying out login attacks using brute-force and “password spray” techniques.

These methods use large numbers of repeated login attempts and can make use of credentials that may have been reused elsewhere.

A second group, known as Zinc or Lazarus Group, is thought to be affiliated with the North Korean government and has been accused of launching a high-profile attack on Sony Pictures in 2014, the 2017 WannaCry malware attack and the theft of $81 million (£61.5m) from the national bank of Bangladesh, among other high-profile incidents.

Lazarus Group has mainly employed spear phishing attacks, sending malicious messages that pose as recruitment offers and attempt to steal login data, Microsoft said.

Healthcare risk

A third North Korean group, which Microsoft refers to as Cerium, has also carried out targeted phishing attacks posing as messages from the World Health Organisation.

Microsoft said most of the attacks had been blocked, but acknowledged that some had been successful.

In July the UK’s NCSC cyber-security agency said that Russian hackers were targeting vaccine research, including efforts being carried out in Oxford.

At the time Russia denied carrying out such attacks, and the Russian embassy to the US told Reuters it had nothing to add.

North Korea’s representative to the United Nations has not yet responded to messages requesting comment.

Microsoft called on governments not to target healthcare organisations.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

GenAI Integration Efforts Hampered By Costs, SnapLogic Finds

Hefty investment. SnapLogic research finds UK businesses are setting aside three-quarters of their IT budgets…

26 mins ago

Meta Refuses EU Release Of Multimodal Llama AI Model

Mark Zuckerberg firm says European regulatory environment too ‘unpredictable’, so will not release multimodal Llama…

2 hours ago

Synchron Announces Brain Interface Chat Powered by OpenAI

Brain implant firm Synchron offers AI-driven emotion and language predictions for users, powered by OpenAI's…

3 hours ago

Amazon Workers In Coventry Fail To Form Union

Amazon workers in Coventry lose union recognition ballot by just a handful of votes, amid…

7 hours ago

US Considers Further Chip Restrictions For China – Report

Stop supplying Beijing. US tells allied chip tech firms it is mulling the most severe…

8 hours ago