Microsoft has discovered three advanced persistent threat actors (APTs), state-backed hacking groups in other words, that are targeting researchers looking to develop a Covid-19 vaccine.
“In recent months, we’ve detected cyber attacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for Covid-19,” Tom Burt, Microsoft’s Corporate Vice President and head of the company’s Customer Security & Trust team, said. “The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the United States. The attacks came from Strontium, an actor originating from Russia, and two actors originating from North Korea that we call Zinc and Cerium.”
Microsoft explained that targets were either Covid-19 vaccine makers, with vaccines at various stages of clinical trials, manufacturers of Covid tests or clinical research organizations. The recent attacks varied depending on which hacking group was involved.
On the attack
According to Microsoft, Strontium’s attack methods were focused around password spray and brute force login attempts. Zinc largely employed spear-phishing lures involving fake job offers, while Cerium used Covid-19 content as part of its phishing campaign, often purporting to be the World Health Organization.
Although the majority of the attacks launched by these state-sponsored groups were blocked by security software, Microsoft has implored governments around the world to condemn the attacks and enforce the international legal standards that protect healthcare facilities.
Other organizations and individuals support Microsoft’s stance, with more than 65 healthcare-related organizations signing up to the Paris Call for Trust and Security in Cyberspace.
Certainly, the recent attacks emphasize that more needs to be done to prevent cyber attackers from taking advantage of pandemic-induced panic. In addition to the three state-sponsored campaigns Microsoft has discovered, healthcare organizations fighting Covid-19 in France, Spain, Germany, Thailand and the US have all have been subjected to cyber attacks this year.