Cyberattacks that originated in North Korea and Russia have been targeting companies conducting research for COVID-19 vaccines and treatments, Microsoft said in a new blog post. The company says the attacks were aimed at seven leading pharmaceutical companies and researchers in the US, Canada, France, India, and South Korea.
The campaigns reportedly come from Russia’s APT28, better known as Fancy Bear or Strontium, as well as North Korea’s Lazarus Group (aka Zinc) and a new Cerium outfit. Fancy Bear used brute force and “password spray” attempts to steal sign-in credentials, while Lazarus and Cerium have leaned on spear phishing efforts to impersonate recruiters and the World Health Organization.
Microsoft said that its products blocked most of the attempts, and that it was offering help in cases where the intruders were successful.
The news comes as Microsoft president Brad Smith is joining others in urging Paris Peace Forum countries to declare that international law protects the healthcare industry and to do a better job of enforcing that law.
Coronavirus cases are on the rise across the US/UK and other parts of the world, but there are some promising signs in the development of a vaccine. Pfizer and BioNTech announced their vaccine was 90 percent effective at preventing symptomatic COVID-19 in clinical trials. That preliminary data hasn’t been examined by independent researchers yet, but experts called the news “extremely encouraging.”