Microsoft accused Russia and North Korea of attacks on pharmaceutical companies

Microsoft representatives accused Russia and North Korea of attacks on pharmaceutical companies. They reported that, according to their data, in recent months, three APT groups have attacked at least seven companies engaged in COVID-19 research and vaccine development.

Two global issues will help shape people’s memories of 2020: Covid-19 and the increased exploitation of the Internet to disrupt the economy. It is alarming that these threats have now converged: according to Microsoft officials, attackers are using cyberattacks to undermine healthcare organizations fighting the pandemic.

The Russian-speaking group Strontium (Fancy Bear, APT28, and so on), as well as the North Korean Zinc (Lazarus) and Cerium, are accused of these attacks.

"The attacks targeted the vaccine manufacturers, whose development is in various stages of clinical trials, the clinical research organization that is involved in these trials, and the organization that created the COVID-19 test," Microsoft said in a statement.

The victim companies, whose names are not disclosed, are based in Canada, France, India, South Korea, and the United States.

Many of the attacked organizations have signed contracts with government agencies of various democratic countries that have invested in their Covid-19 research.

Let me remind you that I previously wrote about cybercriminals attacking the University of California, San Francisco (UCSF), one of the leaders in developing a vaccine against COVID-19.

According to Microsoft, the Strontium group used brute force and password spraying to steal credentials, break into accounts and steal confidential information. In password spraying, the attackers go through many different usernames and try each of them with the same simple, easily guessed password, in the hope of finding a poorly protected account.
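How the two techniques named above differ in sign-in logs, as a detection sketch added here (it is not from Microsoft's statement or from the original article). The record layout, thresholds, IP addresses and sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def classify_sources(events, window=timedelta(minutes=30),
                     spray_min_users=5, spray_max_per_user=2, brute_min_tries=10):
    """Return {source_ip: label} for sources whose failed sign-ins fit a pattern.

    password_spray: many distinct usernames, few failures each, in one window.
    brute_force:    many failures against a single username in one window.
    Thresholds are illustrative assumptions and need tuning per environment.
    """
    failures = defaultdict(list)
    for ts, src, user, ok in events:
        if not ok:
            failures[src].append((ts, user))
    verdicts = {}
    for src, rows in failures.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward so it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            per_user = Counter(user for _, user in rows[start:end + 1])
            if (len(per_user) >= spray_min_users
                    and max(per_user.values()) <= spray_max_per_user):
                verdicts[src] = "password_spray"
                break
            if max(per_user.values()) >= brute_min_tries:
                verdicts[src] = "brute_force"
                break
    return verdicts


def sample_events():
    """Constructed sign-in records: (time, source IP, username, success)."""
    t0 = datetime(2020, 11, 13, 9, 0)
    events = []
    for i in range(8):   # one source, eight accounts, one failure each
        events.append((t0 + timedelta(minutes=i), "198.51.100.7", f"user{i}", False))
    for i in range(12):  # one source, twelve failures on a single account
        events.append((t0 + timedelta(seconds=20 * i), "203.0.113.9", "admin", False))
    # An ordinary user mistypes a password twice, then signs in.
    events += [(t0, "192.0.2.44", "alice", False),
               (t0 + timedelta(minutes=1), "192.0.2.44", "alice", False),
               (t0 + timedelta(minutes=2), "192.0.2.44", "alice", True)]
    return events


if __name__ == "__main__":
    print(classify_sources(sample_events()))
```

Per-account lockout counters see only one or two failures per username during a spray, which is why this sketch groups failures by source and counts distinct usernames instead.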

In turn, the Zinc (aka Lazarus) hack group relied heavily on targeted phishing campaigns, sending out emails to potential victims with fake job descriptions and posing as recruiters.

The second North Korean faction, Cerium, appears to be a new player. Microsoft representatives say that Cerium organized targeted phishing attacks, posing as representatives of the World Health Organization, and the content of the decoys was associated with COVID-19.

"Microsoft is calling on world leaders to reaffirm that international law protects healthcare facilities and to take the necessary steps to enforce the law," Microsoft VP Tom Burt wrote in a blog post.

Let me also remind you that Elon Musk confirmed that a Russian offered a Tesla employee a million dollars for hacking the company.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advice and tips on GridinSoft's products. He's available 24/7 to assist you with any question regarding internet security.
