Nation-State Hacking Campaigns Targeting COVID-19 Research Firms

By Jessica Davis

COVID-19 vaccine developers and research firms are again facing targeted cyberattacks, with an ongoing campaign led by nation-state hackers with ties to North Korea and Russia, according to Microsoft.

Researchers have observed nation-state threat actors targeting seven firms leading COVID-19 vaccine and treatment research, including pharmaceutical companies and researchers in the US, Canada, France, India, and South Korea.

The campaigns are led by the Russian hacking group known as Strontium and North Korean hackers, Zinc and Cerium.

Cybercriminals have ramped up their malicious attacks throughout the pandemic, from phishing attacks and fraud schemes tied to the coronavirus, to nation-state attacks on coronavirus research and human-operated ransomware attacks on the healthcare sector.

Most recently, a joint alert from the FBI and the Departments of Health and Human Services and Homeland Security warned of a wave of ransomware attacks on healthcare entities, which has already claimed at least a dozen victims.

The latest hacking campaign is primarily focused on COVID-19 vaccine manufacturers in various stages of clinical trials, including one clinical research foundation involved in clinical trials and one firm that developed a COVID-19 test, Tom Burt, Microsoft’s corporate vice president, customer security and trust, explained in a blog post.

Several targeted organizations are contracted with or have investments from the government to work on research tied to the virus.

The Russian-backed Strontium attacks leverage brute-force login or password-spray attacks, which are designed to break into users' accounts using thousands or millions of rapid attempts.

Meanwhile, Zinc primarily uses spear-phishing lures masked as fabricated job descriptions sent from recruiters in an effort to steal credentials. The other North Korean-tied campaign, Cerium, also focuses on spear-phishing emails that use COVID-19 themes purportedly sent from fake World Health Organization representatives.

Microsoft was able to block the majority of the attempts, and…