Three hacking groups connected to the Russian and North Korean governments targeted COVID-19 vaccine and treatment researchers across five nations in recent months, and some of their attacks were successful, Microsoft said Friday.
The hackers went after seven prominent companies in Canada, France, India, South Korea and the United States, according to Microsoft. The hacking groups are the Russia-linked Fancy Bear, which Microsoft refers to as Strontium; the North Korea-connected organization Lazarus Group, which Microsoft calls Zinc; and a third North Korean group that Microsoft has not previously mentioned publicly, which it calls Cerium.
Microsoft’s alert deepens the breadth of warnings from government agencies and cybersecurity companies: Hackers affiliated with some of the U.S.’s biggest adversaries in cyberspace are hard at work to hack others’ vaccine research.
“Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials,” Tom Burt, Microsoft’s corporate vice president for customer security and trust, wrote in a blog post. “One is a clinical research organization involved in trials, and one has developed a Covid-19 test. Multiple organizations targeted have contracts with or investments from government agencies from various democratic countries for Covid-19 related work.”
While Microsoft said it deflected the majority of the attacks, some got through, and the company notified everyone affected and offered help to victims, Burt said.
The Russian group relies heavily on password spraying and brute force login attempts, while the two North Korean groups use spearphishing, Microsoft said.
U.S. government agencies, sometimes pairing with foreign allies, have warned about Russian and Chinese hackers targeting vaccine researchers, and those same agencies have fought to disrupt the attackers.
To date, there have been fewer warnings about North Korea, but just last week, Cybereason security researchers said they had seen the North Korea-linked Kimsuky group targeting COVID-19 pharmaceutical and research companies.
Microsoft combined its report on nation-state hacking groups going after COVID-19 research with a plea for action. The company’s president, Brad Smith, is attending the Paris Peace Forum Friday with a message for governments.
“Microsoft is calling on the world’s leaders to affirm that international law protects health care facilities and to take action to enforce the law,” Burt wrote. “We believe the law should be enforced not just when attacks originate from government agencies but also when they originate from criminal groups that governments enable to operate – or even facilitate – within their borders. This is criminal activity that cannot be tolerated.”