3 December 2020

North Korean hackers targeted at least six companies working on COVID-19 drugs and treatments


North Korean hackers have reportedly launched cyber attacks against at least six companies involved in the development of coronavirus vaccines and treatments, according to The Wall Street Journal.

People familiar with the matter told the newspaper that since August the hackers have tried to infiltrate the networks of the two US-based pharmaceutical companies Johnson & Johnson and Novavax Inc., as well as three South Korean firms with Covid-19 drugs in earlier clinical trials, Genexine Inc., Shin Poong Pharmaceutical Co. and Celltrion Inc. It is not clear if the attempts were successful.

The attacks appear to be the work of a North Korean cyber-espionage group called Kimsuky (Velvet Chollima, Black Banshee, Thallium), which is known for its cyber-espionage campaigns against South Korean think tanks, industry, nuclear power operators, and the Ministry of Unification. However, in recent months the group has turned its attention to entities engaged in coronavirus-related research.

The coordinated attacks on the six companies were linked to Kimsuky based on the digital fingerprints previously observed in campaigns against the US State Department and South Korea’s unification ministry, such as the use of the same IP addresses.

The Kimsuky hackers have tried to lure victims by creating email accounts masquerading as their colleagues or friends and sending messages with malicious attachments or links that would allow the hackers to compromise the targets’ computers if they’re clicked on, according to the paper.

Johnson & Johnson representatives told the Journal that the company is watching out for threats to its data, and Maryland-based Novavax said it’s aware of foreign threats.

Last week, news emerged that the British biopharmaceuticals company AstraZeneca, which is conducting clinical trials of a coronavirus vaccine, was also a target of a hacker attack. The attackers, posing as recruiters on the networking site LinkedIn and on WhatsApp, had tried to lure staff at AstraZeneca with fake job offers. They then sent malicious documents purporting to be job descriptions in order to gain access to a victim’s computer.

However, it appears that the hacking attempts had not been successful.
