North Korea and Russia are still trying to hack some of the world’s most prominent coronavirus vaccine researchers, cybersecurity researchers said Friday.
Tom Burt, Microsoft vice president of customer security and trust, wrote in a blog post Friday that government hackers from both countries have in recent months targeted “seven prominent companies directly involved in researching vaccines and treatments for COVID-19” around the world.
Most of those have vaccines already in clinical trials. In at least some unspecified instances, they successfully breached their target, he said. It wasn’t immediately clear how serious those intrusions were, and a Microsoft spokesperson declined to elaborate.
Nation-state hackers started targeting vaccine researchers almost as soon as the pandemic started. But Microsoft’s visibility into hackers is some of the most significant in the world, given the worldwide use of its products. North Korea and Russia have recently gone after major researchers and pharmaceutical companies in Canada, France, India, South Korea and the U.S., he said.
Usually, the hackers’ efforts start with basic entry tools, either by sending targeted phishing emails, like fake job recruitment offers, or by “password spray,” where they automate systems to try to guess passwords.
Government hackers targeting vaccine research are broadly assumed to be conducting espionage for their own countries’ vaccine efforts, rather than hacking to cause deliberate harm to those organizations. But that activity can still hamper that research, said John Hultquist, the director of intelligence analysis at the cybersecurity company Mandiant Solutions.
“North Korean actors have a history of carrying out an intrusion and then carrying out a destructive attack to make the forensic work very difficult. The idea that they could steal some covid-19 research and carry out a destructive attack is pretty serious,” he said