Russia, North Korea-sponsored hackers target COVID-19 researchers

Russian and North Korean government-sponsored hackers have targeted companies directly involved in researching COVID-19 vaccines and treatments, and in some cases the attacks were successful, Microsoft said Friday.

In all, seven leading companies were targeted, said Tom Burt, Microsoft’s corporate vice president for customer security and trust. They include vaccine manufacturers with COVID-19 vaccines at various stages of clinical trials, a clinical research organization involved in trials, and a developer of a COVID-19 test. Organizations with contracts or investments from government agencies around the world have also been targeted for work related to COVID-19. The targets are located in the United States, Canada, France, India and South Korea.

“Microsoft is calling on world leaders to assert that international law protects health care facilities and to take action to enforce the law,” Burt wrote in a blog post. “We believe the law should be enforced not only when attacks come from government agencies, but also when they come from criminal groups that governments allow governments to operate – or even facilitate – within their own jurisdictions. borders. It is criminal activity that cannot be tolerated. “

One of the attack groups involved is Strontium, Microsoft’s nickname for Russian government-sponsored hackers. They use password pulverization and brute force login attacks that bombard servers with a large number of credentials in the hope of guessing the right ones. Last year, Microsoft caught Strontium infecting printers and other devices and using them as bridgeheads to compromise the networks to which they are connected. Most recently, Microsoft said Strontium targeted the Trump and Biden campaigns.

Two other groups, called Zinc and Cerium, work on behalf of the North Korean government. Both use spear phishing emails, those from zinc manufacturing job recruiters and those from Cerium posing as representatives of the World Health Organization.

“The majority of these attacks have been blocked by security protections built into our products,” Burt said of the activities of the three groups. “We notified all targeted organizations and where the attacks were successful we offered help.”

Friday’s blog post comes two weeks after officials from three U.S. government organizations warned that ransomware hackers were targeting hundreds of U.S. hospitals.

Other attacks, Burt said, have targeted hospitals in the Czech Republic, France, Spain, Thailand and the United States. In September, a patient died after a ransomware attack redirected her to a remote hospital in Germany.

In April, Microsoft said it was making its AccountGuard threat notification service available to healthcare and human rights organizations working on COVID-19. So far, 195 organizations have registered. Microsoft now protects 1.7 million email accounts for healthcare-related groups.