Microsoft researchers have found evidence that Russian and North Korean hackers have systematically attacked covid-19 labs and vaccine makers in an effort to steal data and initiate ransomware attacks.
“Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials, clinical research organization involved in trials, and one has developed a Covid-19 test,” said Tom Burt, a VP in Customer Security at Microsoft. “Multiple organizations targeted have contracts with or investments from government agencies from various democratic countries for Covid-19 related work.”
“The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea, and the United States. The attacks came from Strontium, an actor originating from Russia, and two actors originating from North Korea that we call Zinc and Cerium,” wrote Burt.
The attacks seem to be brute force login attempts and spear-phishing meant to lure victims to give up their security credentials. Microsoft, obviously, reports that its tools were able to catch and prevent most of the attacks. Sadly, the hackers are pretending to be World Health Organization reps in order to trick doctors into installing malware.
Zack Whittaker at TechCrunch noted that the Russian group, Strontium, is better known as APT28 or Fancy Bear, and the other groups are probably part of the North Korean Lazarus Group, the hackers responsible for WannaCry ransomware and the Sony hack in 2016.
Microsoft presented these findings at the Paris Peace Forum where the company is urging governments to fight cyberattacks against the healthcare sector. The biggest fear? Another healthcare-focused ransomware attack that results in the death of a patient.