According to Microsoft, three major Advanced Persistent Threats or APTs are involved in ongoing breaches at pharmaceutical and clinical organizations involved in COVID-19 research.
State-sponsored hacking groups, in particular, are actively attempting to breach companies involved in COVID-19 vaccine research. Russia’s APT28 Fancy Bear, the Lazarus Group from North Korea, and another North Korea-linked group dubbed Cerium are thought to be behind the attacks. Most of the attacks have been against vaccine-makers that have advanced to various stages of clinical trials, while one victim is a clinical research organization involved in trials, and another developed a COVID-19 test.
While some of the attacks have been successful, it’s unclear if the hackers were successful in initial compromise or in actually stealing data from researchers.
As far as the APTs involved, Russia’s APT28 group, which Microsoft refers to as Strontium and known as Fancy Bear or Sofacy, uses password-spraying and brute-force efforts to penetrate employee accounts. Lazarus Group, called “Zinc” by Microsoft, uses spear-phishing emails to steal credentials by sending messages with fabricated job descriptions from phony recruiters. The Cerium hacking group is also using spear-phishing emails, but in their case, the messages purport to be coming from the World Health Organization.
This news is just the latest in a 2020 trend of hackers targeting entities focused on getting the world out of the deadly COVID-19 pandemic. Both private and state-sponsored groups target COVID research because of the economic and influential advantages a successful treatment and vaccines will provide to several countries.
Other Attacks Related to Ongoing COVID-19 Research
In October of 2020, COVID-19 vaccine manufacturer Dr. Reddy’s Laboratories shut down plants in Brazil, India, Russia, the U.K., and the US following a hack. The Indian company is the contractor for Russia’s “Sputnik V” COVID-19 vaccine, which is in Phase 3 human trials.
In July of 2020, the US Department of Homeland Security warned that Russia-linked group APT29 targeted British, Canadian and U.S. research companies. This APT was attempting to steal COVID-19 vaccine research from academic and pharmaceutical institutions in a likely attempt to try to advance on a cure for the coronavirus.