Microsoft: State-backed hackers targeted COVID-19 vaccine creators

Russia and North Korea are the alleged culprits.

State-sponsored campaigns to hack COVID-19 vaccine makers might be more commonplace than previously thought. According to ZDNet, Microsoft has detected hacks from three “nation-state actors” targeting seven pharmaceutical firms and researchers in countries including the US, Canada, France, India and South Korea. The software giant didn’t name the targets, but said the “majority” are involved in coronavirus vaccine development and research.

The campaigns reportedly come from Russia’s APT28, better known as Fancy Bear or Strontium, as well as North Korea’s Lazarus Group (aka Zinc) and a new Cerium outfit. Fancy Bear used brute force and “password spray” attempts to steal sign-in credentials, while Lazarus and Cerium have leaned on spear phishing messages that impersonate recruiters and the World Health Organization.

Microsoft said that its products blocked most of the attempts, and that it was offering help in cases where the intruders were successful.

The news comes as Microsoft president Brad Smith is joining others in urging Paris Peace Forum countries to declare that international law protects the healthcare industry and to do a better job of enforcing that law.

As the Swiss Federal Institute of Technology’s Stefan Soesanto told ZDNet, however, Microsoft might not find a receptive audience. Many countries don’t have the legal resources to protect healthcare, while others aren’t interested or are launching hacks themselves. For now, vaccine researchers may have to rely on their own defenses to protect sensitive medical data against theft.