Microsoft reports hacking attempts targeting COVID-19 vaccine makers, some successful

Microsoft today revealed that North Korea and Russian state-sponsored hackers had been involved in cyberattacks targeting leading pharmaceutical companies. These seven companies are currently researching COVID-19 drugs and vaccines.

“In recent months, we’ve detected cyberattacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for Covid-19. The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the United States. The attacks came from Strontium, an actor originating from Russia, and two actors originating from North Korea that we call Zinc and Cerium,” said Tom Burt, Corporate Vice President, Customer Security & Trust.

These cyberattacks attacks, which were largely successful, were conducted by three hacker groups, including Fancy Bear/APT28, Lazarus, and Cerium. The Russian state-sponsored hacker group Strontium used password spraying techniques to steal researchers’ login credentials associated with the pharmaceutical companies. On the other hand, the Lazarus Group and Cerium used targeted spear-phishing emails to attack their victims; there is no word on the number of successful attacks, though.

Today’s blog post coincides with Microsoft President Brad Smith’s appearance at the Paris Peace Forum, where he plans to call on nations to protect health care companies from cyberattacks. “We believe the law should be enforced not just when attacks originate from government agencies but also when they originate from criminal groups that governments enable to operate – or even facilitate – within their borders. This is criminal activity that cannot be tolerated,” the company explained today.