Microsoft claims that the company has detected three state-sponsored hacking operations (also known as APTs) targeting seven prominent companies directly involved in researching vaccines and treatments for the COVID-19 pandemic. In a blog post published on November 13, the software giant says that state-sponsored hackers from Russia and North Korea are targeting leading pharmaceutical companies and vaccine researchers based in India, Canada, France, South Korea and the US.
Although the names of the healthcare companies in India and elsewhere remain unclear, the blog post provides brief details about the attackers based out of these countries. Microsoft says that it condemns these state-sponsored actors and urges a crackdown on cyber attacks by governments of these countries.
Microsoft traced the attacks back to one threat actor in Russia and two North Korean hacking groups. The group based out of Russia, Strontium (aka Fancy Bear or APT28), was also found to be targeting anti-doping authorities and global sporting organisations last year. Microsoft says that the Russian group continues to use password spray and brute force login attempts to steal login credentials. “These are attacks that aim to break into people’s accounts using thousands or millions of rapid attempts,” it added. The other two groups, Zinc and Cerium, are said to be based out of North Korea. While Zinc has primarily used spear-phishing attempts for credential theft, Cerium also sends spear-phishing emails, masquerading as World Health Organization representatives. The blog post, without divulging much information, adds that the company has notified authorities and offered help where attacks have been successful.
Microsoft further states that health industries based in these five countries are among the most recent examples, although several countries had been facing threats even before the pandemic. Earlier during the pandemic, cyber attackers had targeted Brno University Hospital in the Czech Republic, hospital systems in Paris and Spain, and medical clinics in Texas, US. In September this year, a woman in Dusseldorf, Germany reportedly died as a result of a cyber attack on a hospital, making this the first known death from such a cause.
The Redmond-based tech giant says that to combat growing cyber attacks on healthcare sectors across the world, active participation from government agencies is imperative. It further adds that it is “essential” for world leaders to unite around the security of healthcare institutions, especially at a time when economies are grappling with the COVID-19 pandemic. Earlier, in April, the company had announced the development of AccountGuard – a threat notification service that would be made available to both healthcare and human rights organisations working on a COVID-19 vaccine.