- Kimsuky hacker group targeted at least six drugmakers
- The cyberattacks targeted companies developing COVID-19 treatment
- Russian and North Korean hackers attacked AstraZeneca in November
A group of North Korean hackers has targeted half a dozen pharmaceutical companies in the United States, United Kingdom and South Korea in a coordinated cyberattack.
Kimsuky, a notorious hacker group, targeted drugmakers working on potential coronavirus vaccines and treatments as part of an effort to steal sensitive information that could be sold or weaponized by the North Korean regime.
Authorities said any stolen information could be used to extort victims or give foreign governments a strategic advantage.
Since August, the hackers have worked to infiltrate U.S. companies Johnson & Johnson and Novavax Inc. The hackers also launched coordinated cyberattacks on South Korean companies Genexine Inc., Shin Poong Pharmaceutical Co. and Celltrion Inc., sources told the Wall Street Journal.
Both American drugmakers are working on experimental vaccines for the novel coronavirus, while the three South Korean pharmaceutical companies are holding early clinical trials of their COVID-19 drugs.
The “Kimsuky” hackers create e-mail accounts that enable them to pose as colleagues or friends. The messages contain malicious attachments that , when clicked on, would allow hackers to penetrate the targets’ computer systems.
It is unclear whether the hackers have stolen crucial information from any of their target companies.
The hackers reportedly posed as recruiters on LinkedIn and WhatsApp, where they found and approached AstraZeneca employees with fake job offers. They then sent a document containing “more information about the job.” It was later discovered that the files had malicious codes designed to grant the hackers access to their target’s computers.
The “Kimsuky” hackers targeted multiple employees, including people who were working on crucial coronavirus research. However, the…