Microsoft: COVID-19 vaccine makers are under attack by Russian and North Korean hackers

Microsoft said in a blog post that health care organisations fighting the COVID-19 pandemic are being disrupted by cyber attacks. The attacks originated from Strontium, an actor based in Russia as well as Zinc and Cerium originating from North Korea. The attacks aimed at seven pharmaceutical companies and researchers in the U.S., Canada, France, India, and South Korea.

“Among the targets, the majority are vaccine makers that have COVID-19 vaccines in various stages of clinical trials. One is a clinical research organisation involved in trials, and one has developed a COVID-19 test. Multiple organisations targeted have contracts with or investments from government agencies from various democratic countries for COVID-19 related work,” wrote Microsoft.

According to the company, Strontium uses password spray and brute force login attempts to steal login credentials. Zinc primarily used spear-phishing lures for credential theft, and Cerium creates email lures using COVID-19 themes while masquerading as World Health Organisation representatives.

To make progress, Microsoft says they are calling on the world’s leaders to affirm that international law protects health care facilities and to take action to enforce the law by participating in the Paris Peace Forum. In April, Microsoft also introduced AccountGuard—a threat notification service—available to health care and human rights organisations working on COVID-19.

Earlier this month, Pfizer and Biotech announced that their COVID-19 vaccine is “90 percent effective” in clinical trials. Although the claim is based on early data, experts called the news “extremely encouraging”.


Related reading

Dzamira Dzafri