Russian and North Korean hackers attacked Covid-19 labs

Microsoft researchers found evidence that Russian and North Korean hackers systematically attacked Covid-19 laboratories and vaccine manufacturers with the aim of stealing data and launching ransomware attacks.

“Of the targets, the majority are vaccine manufacturers who have Covid-19 vaccines at different stages of clinical trials, a clinical research organization involved in trials, and one has developed a Covid-19 test,” Tom said. Burt, vice president of customer security at Microsoft. “Several targeted organizations have contracts or investments with government agencies in various democratic countries for work related to Covid-19.”

“Targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the United States. The attacks were from Strontium, an actor from Russia, and two actors from North Korea that we call Zinc and Cerium, ”Burt wrote.

The attacks appear to be brute force login attempts and spear phishing. to get victims to give up their security information. Microsoft obviously reports that its tools were able to detect and prevent most attacks. Unfortunately, hackers pose as representatives of the World Health Organization to trick doctors into installing malware.

Zack Whittaker at TechCrunch noted that the Russian group Strontium, is better known as APT28 or Fancy bear, and the other bands are probably from North Korea Lazarus Group, the hackers responsible for the WannaCry ransomware and the Sony hack in 2016.

Microsoft presented the results at the Paris Peace Forum, where the company urges governments to tackle cyber attacks against the healthcare industry. The biggest fear? Another health-focused ransomware attack that results in death of a patient.