Microsoft representatives accused Russia and North Korea of attacks on pharmaceutical companies. They reported that, according to their data, three APT groups have attacked at least seven companies engaged in COVID-19 research and vaccine development in recent months.
Two global issues will help shape people's memories of 2020: COVID-19 and the increased exploitation of the Internet for disruption of the economy. It is alarming that these threats have now come together: according to Microsoft officials, attackers are using cyberattacks to undermine healthcare organizations fighting the pandemic.
The Russian-speaking group Strontium (Fancy Bear, APT28, and so on), as well as the North Korean Zinc (Lazarus) and Cerium, are accused of these attacks.
The victim companies, whose names are not disclosed, are based in Canada, France, India, South Korea and the United States.
Many attacked organizations have signed contracts with government agencies from different democratic countries that have invested in their research related to Covid-19.
Let me remind you that I talked about the fact that cybercriminals attacked the University of California, San Francisco (UCSF), one of the leaders in developing a vaccine against COVID-19.
According to Microsoft, the Strontium group used brute force and password spraying to steal credentials, break into accounts and steal confidential information. In password spraying, the attackers go through different usernames and try each of them with the same simple, easily guessed password, in the hope of finding a poorly protected account.
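The two techniques leave different traces in authentication logs, which is what detection relies on. The following is an added example, not taken from Microsoft's report or from this article: it classifies source addresses over constructed login events, and the function names, thresholds and sample data are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def sample_events():
    """Constructed login events: (time, source IP, username, success)."""
    t0 = datetime(2020, 1, 1, 9, 0)
    events = []
    # One source tries six different accounts once each: spraying.
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"]):
        events.append((t0 + timedelta(minutes=i), "192.0.2.10", user, False))
    # One source hammers a single account: classic brute force.
    for i in range(12):
        events.append((t0 + timedelta(seconds=5 * i), "198.51.100.7", "admin", False))
    # A user mistypes a password twice, then logs in.
    for i, ok in enumerate([False, False, True]):
        events.append((t0 + timedelta(minutes=i), "203.0.113.5", "alice", ok))
    return events

def classify_sources(events, window=timedelta(minutes=30),
                     min_users=5, max_per_user=2, brute_attempts=10):
    """Label each source IP by its failed logins inside a sliding window.

    All thresholds are illustrative assumptions, not vendor guidance.
    """
    failures = defaultdict(list)
    for when, src, user, ok in events:
        if not ok:
            failures[src].append((when, user))
    verdicts = {}
    for src, fails in failures.items():
        fails.sort()
        verdicts[src] = "normal"
        start = 0
        for end in range(len(fails)):
            # Drop failures that fell out of the time window.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_user = Counter(user for _, user in fails[start:end + 1])
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                verdicts[src] = "password_spray"  # many accounts, few tries each
                break
            if max(per_user.values()) >= brute_attempts:
                verdicts[src] = "brute_force"     # one account, many tries
                break
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(sample_events()).items()):
        print(src, verdict)
```

A spray spread over a longer period than `window` stays under these thresholds, so the window has to be tuned to the environment. Counting per source address also misses a spray distributed across many addresses.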
In turn, the Zinc (aka Lazarus) hack group relied heavily on targeted phishing campaigns, sending out emails to potential victims with fake job descriptions and posing as recruiters.
The second North Korean faction, Cerium, appears to be a new player. Microsoft representatives say that Cerium organized targeted phishing attacks, posing as representatives of the World Health Organization, and that the content of the decoys was associated with COVID-19.
Let me also remind you that Elon Musk confirmed that a Russian offered a Tesla employee a million dollars for hacking the company.