Russian, N Korean hackers target COVID vaccine maker in India
Microsoft has detected cyber attacks from nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for COVID-19, including in India
Microsoft has detected cyber attacks from nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for COVID-19, including in India.
The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the US, and came from Strontium, an actor originating from Russia, and two bad actors originating from North Korea called Zinc and Cerium.
Although Microsoft did not reveal the names of the vaccine makers, at least seven Indian pharma companies are working to develop a vaccine against coronavirus, led by Serum Institute and Bharat Biotech.
According to Microsoft, among the targets, the majority are vaccine makers that have COVID-19 vaccines in various stages of clinical trials.
"One is a clinical research organization involved in trials, and one has developed a COVID-19 test. Multiple organizations targeted have contracts with or investments from government agencies from various democratic countries for COVID-19 related work," Tom Burt, Corporate Vice President, Customer Security & Trust, said in a statement on Friday.
Strontium continues to use password spray and brute force login attempts to steal login credentials.
These are attacks that aim to break into people's accounts using thousands or millions of rapid attempts.
Zinc has primarily used spear-phishing lures for credential theft, sending messages with fabricated job descriptions pretending to be recruiters. Cerium engaged in spear-phishing email lures using COVID-19 themes while masquerading as World Health Organization representatives.
"The majority of these attacks were blocked by security protections built into our products. We've notified all organizations targeted, and where attacks have been successful, we've offered help," Burt elaborated.
Cyberattacks targeting the health care sector and taking advantage of the pandemic are not new.
Attackers recently used ransomware attacks to target hospitals and healthcare organizations across the US.
In May, a 136-strong group of the world's most prominent international law experts, in what has become known as the Oxford Process, issued a statement making it clear that international law protects medical facilities at all times.
In August, the Oxford Process issued a second statement emphasizing that organizations that research, manufacture and distribute of COVID-19 vaccines are also protected.
Earlier this year, the CyberPeace Institute and International Committee of the Red Cross led an effort by 40 international leaders calling on governments to stop the attacks on healthcare.
In April, Microsoft announced that it was making AccountGuard, its threat notification service, available to health care and human rights organizations working on COVID-19.
"Since then 195 of these organizations have enrolled in the service and we now protect 1.7 million email accounts for health care-related groups," Burt said.