16 November 2020

Russian, North Korean hackers target vaccine researchers

Three state-sponsored hacker groups have launched targeted campaigns against leading pharmaceutical companies and researchers involved in the development of vaccines and treatments for Covid-19. According to Microsoft, the list of targets includes entities in Canada, France, India, South Korea and the United States.

The culprits behind the attacks are believed to be the Strontium APT (aka Fancy Bear, APT28, Sofacy, Pawn Storm and Sednit), a group linked by security researchers to Russia, and two threat actors originating from North Korea that Microsoft calls Zinc (better known as the Lazarus Group) and Cerium.

“Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials. One is a clinical research organization involved in trials, and one has developed a Covid-19 test. Multiple organizations targeted have contracts with or investments from government agencies from various democratic countries for Covid-19 related work,” the company said.

To obtain login credentials, Strontium relied on password spraying and brute-force login attempts. Zinc (Lazarus) mainly used spear-phishing lures for credential theft, sending messages with fake job descriptions that purported to come from recruiters.
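The two credential-guessing techniques attributed to Strontium above leave different traces in authentication logs: a password spray tries one or two common passwords against many accounts from one source (staying under per-account lockout thresholds), while brute force hammers a single account. The following is an added example, not code from the article or from Microsoft, showing how a detection engineer can tell the two apart over a constructed authentication log. The log format (`timestamp user source result`), the sample lines and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts user src result")

# Constructed sample log (assumed format "timestamp user source result"; not real data).
# 203.0.113.5 tries six accounts once each, then logs in as grace: spray pattern.
# 198.51.100.7 fails ten times against alice: brute-force pattern.
# 192.0.2.44 is an ordinary user who mistyped once.
SAMPLE_LOG = """\
2020-11-10T08:00:01 alice 203.0.113.5 FAIL
2020-11-10T08:00:03 bob 203.0.113.5 FAIL
2020-11-10T08:00:05 carol 203.0.113.5 FAIL
2020-11-10T08:00:07 dave 203.0.113.5 FAIL
2020-11-10T08:00:09 erin 203.0.113.5 FAIL
2020-11-10T08:00:11 frank 203.0.113.5 FAIL
2020-11-10T08:00:13 grace 203.0.113.5 SUCCESS
2020-11-10T08:01:00 alice 198.51.100.7 FAIL
2020-11-10T08:01:01 alice 198.51.100.7 FAIL
2020-11-10T08:01:02 alice 198.51.100.7 FAIL
2020-11-10T08:01:03 alice 198.51.100.7 FAIL
2020-11-10T08:01:04 alice 198.51.100.7 FAIL
2020-11-10T08:01:05 alice 198.51.100.7 FAIL
2020-11-10T08:01:06 alice 198.51.100.7 FAIL
2020-11-10T08:01:07 alice 198.51.100.7 FAIL
2020-11-10T08:01:08 alice 198.51.100.7 FAIL
2020-11-10T08:01:09 alice 198.51.100.7 FAIL
2020-11-10T09:30:00 bob 192.0.2.44 FAIL
2020-11-10T09:30:20 bob 192.0.2.44 SUCCESS
"""


def parse_log(text):
    """Parse the assumed whitespace-separated log format into Event tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, result = line.split()
        events.append(Event(datetime.fromisoformat(ts), user, src, result))
    return events


def detect_password_spray(events, window=timedelta(minutes=10), min_users=5):
    """Flag sources that fail against >= min_users distinct accounts within `window`.

    Breadth across accounts from one source is the spray signature; per-account
    failure counts stay low, so a per-account lockout rule would never fire.
    Returns {source: set_of_targeted_users}.
    """
    by_src = defaultdict(list)
    for ev in events:
        if ev.result == "FAIL":
            by_src[ev.src].append(ev)
    alerts = {}
    for src, fails in by_src.items():
        fails.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(fails)):           # sliding window over failures
            while fails[end].ts - fails[start].ts > window:
                start += 1
            users = {e.user for e in fails[start:end + 1]}
            if len(users) >= min_users:
                alerts[src] = alerts.get(src, set()) | users
    return alerts


def detect_brute_force(events, window=timedelta(minutes=10), min_attempts=8):
    """Flag (source, account) pairs with >= min_attempts failures within `window`.

    Depth against one account rather than breadth. Returns {(src, user): peak_count}.
    """
    by_pair = defaultdict(list)
    for ev in events:
        if ev.result == "FAIL":
            by_pair[(ev.src, ev.user)].append(ev.ts)
    alerts = {}
    for pair, times in by_pair.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= min_attempts:
                alerts[pair] = max(alerts.get(pair, 0), count)
    return alerts


def likely_compromised(events, spray_alerts):
    """Successful logins from a source already flagged for spraying: triage first."""
    return {(ev.src, ev.user) for ev in events
            if ev.result == "SUCCESS" and ev.src in spray_alerts}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    spray = detect_password_spray(evs)
    print("spray sources:", spray)
    print("brute force:", detect_brute_force(evs))
    print("check these accounts:", likely_compromised(evs, spray))
```

The point of keeping the two detectors separate is that their thresholds pull in opposite directions: a spray rule keyed on failures per account never triggers, and a brute-force rule keyed on failures per source would also catch a busy NAT gateway. Successful logins from a spraying source are the highest-value follow-up, since they identify which account the guessed password actually opened.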

Cerium appears to be a new actor on the threat landscape. Microsoft says that in the observed campaign the group sent Covid-19-themed spear-phishing emails while masquerading as World Health Organization representatives.

“At a time when the world is united in wanting an end to the pandemic and anxiously awaiting the development of a safe and effective vaccine for Covid-19, it is essential for world leaders to unite around the security of our health care institutions and enforce the law against cyber attacks targeting those who endeavor to help us all,” said Tom Burt, Microsoft Vice President for Customer Security & Trust, in a blog post.
