Three APT groups have targeted at least seven COVID-19 vaccine makers

At least the three nation-state actors have targeted seven COVID-19 vaccine makers, they are Strontium, Lazarus Group, and Cerium, Microsoft warns.

Microsoft revealed that at least three APT groups have targeted seven companies involved in COVID-19 vaccines research and treatments.

“In recent months, we’ve detected cyberattacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for Covid-19.” reads the post published by Microsoft. “The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the United States. The attacks came from Strontium, an actor originating from Russia, and two actors originating from North Korea that we call Zinc and Cerium.”

Microsoft linked the attacks to the Russia-linked Strontium APT group (aka APT28, Fancy Bear, Pawn Storm, Sofacy Group, and Sednit)  and two North Korea-linked groups tracked as Zinc (aka Lazarus Group) and Cerium.

The group mainly targeted vaccine makers that are testing Covid-19 vaccines, one of them is a clinical research organization involved in trials, while another one has developed a Covid-19 test. Several organizations targeted by the APT groups that have contracts with or investments from government agencies for Covid-19 related work.

Strontium hackers launched password spraying and brute-force attacks to break into victim accounts and steal sensitive information.

Zinc APT targeted the centers with spear-phishing campaigns aimed at employees working at the targeted companies using messages pretending to be sent by recruiters.

Cerium APT also launched Covid-19 themed spear-phishing campaigns using messages that pretend to be sent by representatives from the World Health Organization.

The targets were located in Canada, France, India, South Korea, and the United States, according to Microsoft.

Microsoft revealed that the majority of the attacks were blocked by protections implemented in its solutions, the IT giant already notified all organizations that were breached by the hackers.

Unfortunately, these attacks are just the tip of the iceberg, the healthcare industry is a privileged target for hackers that are also attempting to take advantage of the ongoing pandemic.

Threat actors recently targeted several hospitals and healthcare organizations in the United States. In the last months, hackers hit several hospitals and organizations involved in the response to the pandemic, including the Brno University Hospital in the Czech Republic, Paris’s hospital system, hospitals in Spain and Thailand.

“Today, Microsoft’s president Brad Smith is participating in the Paris Peace Forum where he will urge governments to do more. Microsoft is calling on the world’s leaders to affirm that international law protects health care facilities and to take action to enforce the law.” concludes the post. “We believe the law should be enforced not just when attacks originate from government agencies but also when they originate from criminal groups that governments enable to operate – or even facilitate – within their borders. This is criminal activity that cannot be tolerated.”

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, COVID-19)

[adrotate banner=”5″]

[adrotate banner=”13″]