Techrecipe

MS: “Russian and North Korean hackers attack COVID-19 research organizations”

Microsoft announced that North Korean and Russian hacker organizations are conducting cyber attacks against organizations researching COVID-19 vaccines and treatments. According to Microsoft, the targets are seven major pharmaceutical companies and researchers in the United States, Canada, France, India, and Korea.

Microsoft named as the main culprits Strontium, a hacker organization supported by the Russian government and also known as Fancy Bear (APT28), and Zinc, a hacker organization supported by North Korea, along with Hidden Cobra and Cerium.

Most of the targets are vaccine manufacturers whose COVID-19 vaccines are already in clinical trials. The attacks also target clinical research organizations participating in the trials and companies that developed COVID-19 tests. Strontium steals login credentials with password spray attacks, which try ID and password combinations indiscriminately. Zinc and Cerium, in turn, are said to have stolen credentials through phishing attacks that send malicious files or links by e-mail to individual researchers while pretending to be an official. However, most of these attacks are said to have been blocked by Microsoft security, and support was provided in cases where an attack succeeded.

Cyber attacks targeting medical facilities are not new. Ransomware attacks that target hospitals, restricting access to their systems and demanding a ransom, have already been reported several times. In September 2020, a ransomware attack locked a system, making it difficult to accept patients, and a patient who was being transferred by ambulance died.

In addition, it was revealed that the hacker organization The Duke, aka APT29, which like Strontium is supported by the Russian government, was hacking an organization participating in the development of a COVID-19 vaccine. Microsoft stated that cyber attacks that disrupt medical institutions fighting COVID-19 are unconscionable and will be condemned by all civilized societies, and called for an end to cyber attacks targeting medical facilities.