Pharmaceutical companies and vaccine researchers working on a coronavirus vaccine have been the target of hacking attacks, a new report from Microsoft says. The company says these attacks are coming from nation-states, and it condemns the attacks and calls on other states to condemn them too.
Microsoft said in a blog post by Tom Burt, Corporate Vice President, Customer Security & Trust, that it has detected cyberattacks targeting both pharmaceutical companies and researchers in Canada, France, India, South Korea, and the U.S. Most of the attacks targeted organizations that were in the process of developing a coronavirus vaccine, especially those who were currently performing clinical trials.
“Among the targets, the majority are vaccine makers that have COVID-19 vaccines in various stages of clinical trials,” Burt wrote. “One is a clinical research organization involved in trials, and one has developed a COVID-19 test. Multiple organizations targeted have contracts with or investments from government agencies from various democratic countries for COVID-19 related work.”
Microsoft says the attacks came from three actors: Strontium from Russia and two groups from North Korea named Zinc and Cerium. Each group has its own preferred method of hacking, with Strontium using brute force login attempts, in which computers generate and automatically test millions of passwords with the hope that they will happen upon a working password by chance which can then be used to access the system.
Zinc prefers to use spear phishing, in which a particular person, usually someone high up in an organization, is targeted with a phishing attack tailored to their personal situation. Microsoft gave the example of pretending to be a recruiter and emailing someone with what appears to be a job offer to lure them into sharing their credentials.
Cerium also used spear phishing, but instead of pretending to be a recruiter, they pretended to be representative of the World Health Organization and lured people in by discussing themes related to coronavirus.
Microsoft says it blocked many of these attacks with the security protections that are a part of its products and has offered to help organizations where attacks did get through. The company is also urging international leaders to be more proactive in protecting healthcare workers and researchers from cyberattacks.
