Russian and North Korean Groups Still Targeting #COVID19 Vaccine Firms

Microsoft has urged governments to act after revealing that three state-sponsored threat groups have been targeting seven companies currently developing COVID-19 vaccines and treatments.

VP for customer security and trust, Tom Burt, pointed the finger at the Russian military Strontium group (aka APT28, Fancy Bear) and North Korea’s Zinc (aka Lazarus) and Cerium groups.

The pharma and vaccine companies being targeted were not named, but Microsoft said they hailed from Canada, France, India, South Korea and the US, and have vaccines and COVID-19 tests in clinical trials.

“Strontium continues to use password spray and brute force login attempts to steal login credentials. These are attacks that aim to break into people’s accounts using thousands or millions of rapid attempts,” Burt explained.

“Zinc has primarily used spear-phishing lures for credential theft, sending messages with fabricated job descriptions pretending to be recruiters. Cerium engaged in spear-phishing email lures using COVID-19 themes while masquerading as WHO representatives. The majority of these attacks were blocked by security protections built into our products. We’ve notified all organizations targeted, and where attacks have been successful, we’ve offered help.”

Such companies have been targeted throughout the year. Back in May reports suggested state-backed APT attacks on the UK’s leading vaccine contender, being developed by AstraZeneca and Oxford University.

The same month, the US authorities blamed Chinese actors for trying to steal valuable virus research IP from domestic companies.

A couple of months l ..

Support the originator by clicking the read the rest link below.