North Korean hackers have reportedly launched cyber attacks against at least six companies involved in the development of coronavirus vaccines and treatments, according to The Wall Street Journal.
People familiar with the matter told the newspaper that since August the hackers have tried to infiltrate the networks of the two US-based pharmaceutical companies Johnson & Johnson and Novavax Inc., as well as three South Korean firms with Covid-19 drugs in earlier clinical trials, Genexine Inc., Shin Poong Pharmaceutical Co. and Celltrion Inc. It is not clear if the attempts were successful.
The attacks appear to be the work of a North Korean cyber-espionage group called Kimsuky (Velvet Chollima, Black Banshee, Thallium), which is known for its cyber-espionage campaigns against South Korean think tanks, industry, nuclear power operators, and the Ministry of Unification. However, in recent months the group has turned its attention to entities engaged in coranavirus-related research.
The coordinated attacks on the six companies were linked to Kimsuky based on the digital fingerprints previously observed in campaigns against the US State Department and South Korea’s unification ministry, such as the use of the same IP addresses.
The Kimsuky hackers have tried to lure victims by creating email accounts masquerading as their colleagues or friends and sending messages with malicious attachments or links that would allow the hackers to compromise the targets’ computers if they’re clicked on, according to the paper.
Johnson & Johnson representatives told the Journal that the company is watching out for threats to its data, and Maryland-based Novavax said it’s aware of foreign threats.
Last week, the news emerged that the British biopharmaceuticals company AstraZeneca, which is conducting clinical trials of a coronavirus vaccine, was also a target of a hacker attack. The attackers had tried to lure stuff at AstraZeneca with fake jobs offers posing as recruiters on networking site LinkedIn and WhatsApp. They then sent malicious documents purporting to be job descriptions in order to gain access to a victim’s computer.
However, it appears that the hacking attempts had not been successful.