Russian and North Korean government operatives have attempted to breach seven high-profile companies developing coronavirus vaccines and treatments and have succeeded on several occasions, a senior official at Microsoft said Friday.
"The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea, and the United States," Tom Burt, Microsoft’s corporate vice president of customer security and trust, wrote in a blog post, according to Politico.
Microsoft attributed the malicious activity to three groups: Strontium, a unit of Russia’s military intelligence agency that's also known as Fancy Bear and APT28; Zinc, a North Korean hacker team better known as the Lazarus Group; and Cerium, another North Korean group.
Burt said Microsoft's security tools blocked "the majority" of the attacks. "We've notified all organizations targeted," he wrote, "and where attacks have been successful, we've offered help."
The UK's National Cyber Security Centre (NCSC) has previously said Russian hackers were targeting vaccine research, the BBC wrote. In July, the UK said Russian intelligence was behind the targeting of UK research, including the Oxford vaccine.
Microsoft said the Russian group had used "brute force" tactics, trying to log in to accounts using millions of different passwords.
The North Korean hackers preferred to use spearphishing emails to entice people into unwittingly handing over their passwords. Zinc sent fake job-recruiting messages, while Cerium posed as World Health Organization officials sharing coronavirus data.
Russia has previously denied targeting vaccine research. The Russian embassy in Washington, USA, told the Reuters news agency it had nothing further to add.
North Korea's representative to the United Nations has not yet responded to messages seeking comment.
Microsoft has urged governments around the world not to target healthcare.