Microsoft says it has detected several attempts by state-sponsored hackers to steal coronavirus vaccine research.
Researchers at the tech giant said on Friday that Russian and North Korean hacker groups are behind a spate of attacks on health organisations spanning several nations.
“In recent months, we’ve detected cyberattacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for Covid-19,” Microsoft said in a statement.
“The attacks came from Strontium, an actor originating from Russia, and two actors originating from North Korea that we call Zinc and Cerium,” it added.
Several of the targets identified by Microsoft were located in Canada, France, India, South Korea and the United States. Although the companies remain unnamed, it is believed that the majority are conducting various stages of vaccine trials.
“Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials. One is a clinical research organisation involved in trials, and one has developed a Covid-19 test,” Microsoft said.
Cyberattacks conducted against the organisations included attempts to steal login credentials of staff and high-level employees.
The Russian-backed Strontium group, for example, was found to be using password spray and brute force login attempts to steal credentials. Meanwhile, Zinc and Cerium were found to be primarily use spear-phishing attacks for credentials.
In particular, Cerium used spear-phishing email lures to masquerade as WHO representatives in an attempt to steal personal details.
While Microsoft said the attempts were a serious cause for concern, the majority of attacks were blocked by security protections. The tech giant also raised concerns over the rise of ‘malign actors to disrupt’ society since the onset of the coronavirus pandemic.
“We think these attacks are unconscionable and should be condemned by all civilised society,” the company said.
These attacks mark the latest in a string of attempts to disrupt or steal coronavirus vaccine research.
In July, the National Cyber Security Centre (NCSC), unveiled its own research into state-sponsored cyberattacks during the pandemic.
The Centre revealed that Russian state-backed group, APT29, had been highly active during the pandemic; targeting British, American and Canadian healthcare organisations.
- Russian hacker group exposed trying to steal Covid vaccine research
- Cybercriminals are preying on Covid-19 research, NCSC warns
- British spies are targeting the spread of Covid-19 vaccine misinformation
In a statement at the time, the NCSC said: “Throughout 2020, APT29 has targeted various organisations involved in Covid-19 vaccine development…highly likely with the intention of stealing information and intellectual property relating to the development and testing of Covid-19 vaccines.”
While nations across Europe battle to stem the spread of a second wave, last week saw a degree of renewed optimism following a vaccine breakthrough. Pharmaceutical giant Pfizer announced that preliminary trials showed its vaccine to be 90% effective.
Despite renewed optimism, there are still significant cybersecurity challenges for healthcare organisations as well as the growing threat of misinformation.
The issue of misinformation has reached such an extent that GCHQ has launched an operation to ‘disrupt’ antivaccine disinformation by hostile nation-states.
A report from the Times claimed the organisation has developed a special toolkit to help gather social media communications and counter misinformation.
Combating vaccine misinformation is among the UK Government’s top priorities in the year ahead as healthcare services begin to roll-out vaccines.