According to Microsoft, state-sponsored hacking groups from Russia and North Korea are targeting Covid-19 vaccine makers. International hacking groups Strontium, Zinc, and Cerium target major pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea, and the United States, Microsoft has revealed. While Strontium originates from Russia, Zinc and Cerium originate from North Korea.
Russia, North Korea targeting vaccine makers
“Cyberattacks are being used to disrupt health care organizations fighting the pandemic,” said Tom Burt, Corporate Vice President, Customer Security & Trust at Microsoft. “We think these attacks are unconscionable and should be condemned by all civilized society.”
Most of the targets are Covid-19 vaccine makers with vaccines in various clinical trial stages. Among the targets is a clinical research organization involved in trials. Meanwhile, one of the targets has also developed a Covid-19 test. Some of the pharmaceutical companies and vaccine researchers have contracts with government agencies, while some have received investments from government agencies.
Russia-backed Strontium continues to steal login credentials using the password spray technique and brute-force login attempts. While Strontium uses thousands or millions of rapid attempts to break into people’s accounts, Zinc uses spear-phishing lures for credential theft. It also impersonates recruiters, sending victims fabricated job descriptions. Cerium hackers pretend to be World Health Organization representatives, using coronavirus-themed spear-phishing techniques to steal login credentials. To recall, Russia’s Strontium was also responsible for hacking into the recent U.S. election.
“The majority of these attacks were blocked by security protections built into our products. We’ve notified all organizations targeted, and where attacks have been successful, we’ve offered help,” Burt added.
According to Microsoft, threat actors have targeted several hospitals and healthcare organizations with ransomware attacks worldwide. Among the targets were Brno University Hospital in the Czech Republic, Paris’s hospital system, the computer systems of Spain’s hospitals, hospitals in Thailand, medical clinics in Texas, a health care agency in Illinois, and even international bodies such as the World Health Organization.
Cyberattacks on hospitals and medical facilities can be deadly. Recently, at a hospital in Germany, a woman died due to a delay in treatment caused by a cyberattack. In April, Microsoft made its threat notification service available to health care and human rights organizations working on Covid-19. Microsoft says that so far 195 organizations have enrolled in the service to protect 1.7 million email accounts for healthcare-related groups.