On Friday (13), the Microsoft Blog made a serious accusation: three groups of hackers working for the governments of North Korea and Russia have, in recent months, been carrying out cyber attacks on seven companies involved in vaccine research and treatments for covid-19.
Among the criminals' targets are some of the leading pharmaceutical groups and vaccine researchers in Canada, France, India, South Korea and the United States. The attacks came from two North Korean groups known at Microsoft as Zinc and Cerium. The Russian group is known as Strontium.
Although it did not name the target companies, Microsoft says that the majority are manufacturers that have covid-19 vaccines undergoing clinical trials. Most of the organizations already have contracts with or investments from government agencies in several Western countries for mass production of the vaccine.
How do the hackers operate?
The North Korean group known as Cerium tried to gain access by impersonating representatives of the World Health Organization, sending covid-19-themed e-mails with spear-phishing links that take the unsuspecting recipient to a website full of malware.
Similarly, Zinc’s tactic involves stealing credentials through job-posting messages. The Russian group, on the other hand, uses brute force and password spray tactics that try to “guess” the passwords of well-known users. In the first, the attempt is straightforward, while in the “spray” several weak passwords are tested.
According to Microsoft, most of the attacks were blocked by the security protections that are already in place in its products. However, the company has notified all targeted companies, offering help in any cases where an attack may have been successful.
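From the defender's side, the two password-guessing patterns look different in authentication logs. The following is an added example, not code from Microsoft or from the original article. It assumes the usual meaning of the terms (brute force as many guesses against one account, password spray as a few common passwords tried across many accounts), and the thresholds, event layout and sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, username, login_succeeded)
SAMPLE_EVENTS = (
    # One source hammering a single account
    [("203.0.113.5", "alice", False)] * 12
    # One source trying two passwords once each against eight accounts
    + [("198.51.100.7", f"user{i}", False) for _ in range(2) for i in range(8)]
    # An ordinary user who mistypes once, then logs in
    + [("192.0.2.10", "bob", False), ("192.0.2.10", "bob", True)]
)

# Assumed thresholds; tune them to the environment's normal failure rate.
LOCKOUT_THRESHOLD = 5              # failures before an account is locked
BRUTE_MIN_FAILS_PER_ACCOUNT = 10
SPRAY_MIN_ACCOUNTS = 5
SPRAY_MAX_FAILS_PER_ACCOUNT = 3


def locked_accounts(events, threshold=LOCKOUT_THRESHOLD):
    """Accounts a classic per-account lockout counter would catch."""
    per_account = defaultdict(int)
    for _ip, user, ok in events:
        if not ok:
            per_account[user] += 1
    return {user for user, n in per_account.items() if n >= threshold}


def classify_sources(events):
    """Label each source IP by the shape of its failed logins."""
    fails = defaultdict(lambda: defaultdict(int))  # ip -> user -> failures
    for ip, user, ok in events:
        per_user = fails[ip]          # registers the source even on success
        if not ok:
            per_user[user] += 1
    labels = {}
    for ip, per_user in fails.items():
        worst = max(per_user.values(), default=0)
        if worst >= BRUTE_MIN_FAILS_PER_ACCOUNT:
            labels[ip] = "brute_force"      # deep: many tries, one account
        elif (len(per_user) >= SPRAY_MIN_ACCOUNTS
              and worst <= SPRAY_MAX_FAILS_PER_ACCOUNT):
            labels[ip] = "password_spray"   # wide: few tries, many accounts
        else:
            labels[ip] = "normal"
    return labels
```

On the sample data, the per-account lockout counter flags only the brute-forced account, while the sprayed accounts stay under the threshold and are visible only when failures are grouped by source.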
According to Exame magazine, the Russian embassy in Washington said in an email that it reiterates its previous denials of involvement in digital espionage. The North Korean representative at the United Nations also denies any participation by his country in hacking attacks abroad.