According to Microsoft, COVID-19 researchers have been targeted by state-backed hackers from North Korea and Russia. The majority of companies attacked are involved in vaccine and treatment research.
In a recent blog post, Microsoft identified three groups that are said to be behind the hacking attempts. The first is Strontium, a group that originated in Russia.
The others, Zinc and Cerium (names given to them by Microsoft), are from North Korea, with the former perhaps being better known as the Lazarus Group. The Lazarus Group has been blamed for other hacking attempts in recent years, including a 2018 malware campaign. However, it was never confirmed as the culprit.
Even less is known about Cerium, which perhaps is not surprising. As Microsoft told TechCrunch, this is the first time it has openly referenced the group.
Microsoft has said that the groups, which are nation-state actors, have gone after seven companies from Canada, France, India, South Korea and the United States that are involved in searching for treatments and vaccines for COVID-19.
How they’re doing it
The company vaguely detailed several different methods utilised by the groups, including brute force login attempts and phishing emails that impersonated the World Health Organization (WHO). However, it did not go into specifics.
“Strontium continues to use password spray and brute force login attempts to steal login credentials. These are attacks that aim to break into people’s accounts using thousands or millions of rapid attempts,” Microsoft said in the blog post.
“Zinc has primarily used spear-phishing lures for credential theft, sending messages with fabricated job descriptions pretending to be recruiters. Cerium engaged in spear-phishing email lures using Covid-19 themes while masquerading as World Health Organization representatives.”
Microsoft stated that the majority of the attacks were blocked and the companies were alerted. It also said that it offered help to companies that suffered successful attacks.
The company has not revealed which organisations were targeted or when the hacking attempts took place.
COVID-19 hacks and scams are rampant
This is certainly not the first time that bad actors have attempted to exploit COVID-19.
Here in Australia we’ve seen the impersonation of the government and banks, as well as scams involving superannuation withdrawals and fake monetary support payments. There was even an instance of tricking people into paying for fake COVID-19 tests.