North Korean hackers ramp up coronavirus vaccine targeting

It's a COVID-19 vaccine hacking spree.
Kim Il-sung statue. (Roman Harak / Flickr)

North Korean hackers have been on a bit of a coronavirus vaccine hacking spree.

An espionage shop with suspected ties to the North Korean government has been working to breach multiple pharmaceutical companies working on coronavirus treatments in the U.S. and South Korea over the last several months, according to The Wall Street Journal.

Johnson & Johnson and Novavax — both U.S.-based firms working on COVID-19 vaccines — have reportedly been targeted, as have South Korea-based Genexine, Shin Poong Pharmaceutical and Celltrion. It was unclear if the attempts have been successful.

The attackers, who are believed to be part of the hacking group known as Kimsuky, have historically targeted South Korean think tanks and targets linked with sanctions and nuclear topics. But in recent months Kimsuky has expanded its targeting and turned its attention to pharmaceutical and research entities focused on the coronavirus, according to research from cybersecurity firm Cybereason.


The news coincides with unverified reports that North Korean leader Kim Jong-un has become increasingly alarmed about the pandemic. He has reportedly received an experimental COVID-19 vaccine and locked down Pyongyang in an effort to stave off economic damage from the pandemic in recent days.

It’s not the first time North Korean hackers have targeted coronavirus-related research. Hackers linked with Pyongyang have also zeroed in on U.K.-based AstraZeneca, which has been working with Oxford University to produce a vaccine in Britain, as Reuters has reported.

It was not clear what the North Korean hackers’ motives were, but the U.S. Department of Defense has been concerned that a cybersecurity incident could result in manipulated, stolen or deleted data in coronavirus vaccine research, which could result in dangerous health outcomes for Americans. To try to prevent these nightmare scenarios, the DOD, National Security Agency, FBI, and the Department of Homeland Security have been working with entities focused on developing and distributing COVID-19 vaccines to protect them against foreign hacking, as CyberScoop reported.

The U.S. government has raised red flags about North Korea’s cyber-operations in recent days in an effort to protect private sector entities against their attacks. A U.S. government report that the FBI, DOD and DHS jointly issued in October detailed Kimsuky’s latest antics.

The State Department has taken steps to curtail the impact of North Korea’s cyber-operations. It announced a $5 million rewards program Tuesday meant to help the U.S. government tighten its grip on North Korean efforts to fund its nuclear weapons program — including those that are enabled by hacking operations.


A Novavax spokesperson told CyberScoop the company “is aware of ongoing foreign threats identified in the news.” Novavax is “closely monitoring developments and continually in touch with and working with the appropriate government agencies and commercial cybersecurity experts to address any developments and threats that may emerge,” the spokesperson added. A Johnson & Johnson spokesperson declined to comment on the alleged attacks, but said the company is “continually monitoring for activities that would put the systems and data that we are entrusted with at risk.”

AstraZeneca, Genexine, Shin Poong Pharmaceutical and Celltrion did not immediately return requests for comment.

Update, 12/2/20: This article has been updated to include comments from Johnson & Johnson and Novavax.

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.