
Report: North Korean Hackers Hit Six COVID-19 Vaccine Developers

North Korean hackers have tried to steal vital data from at least six pharmaceutical companies developing COVID-19 vaccines, according to multiple reports.

The targeted drug makers include U.S.-based Johnson & Johnson and Novavax; AstraZeneca in the U.K.; and South Korea-based Genexine, Shin Poong Pharmaceutical and Celltrion, The Wall Street Journal reported. Of those, AstraZeneca is the furthest along in development, having recently announced that its vaccine has shown 90 percent efficacy as it requests emergency use authorization from the U.S. Food and Drug Administration (FDA).

North Korean hackers have coordinated attacks on the six companies since August, the WSJ's report said. At this point, it’s not known if vaccine developers Pfizer and BioNTech, and Moderna, have eluded the cyber attackers' sights. Last week, reports surfaced that North Korean bad actors had been trying for weeks to break into AstraZeneca’s networks without apparent success, in one case posing on social media sites as bogus job recruiters.

The attackers reportedly used the same IP addresses as earlier cyber offensives attributed to North Korean crews that fired on the U.S. State Department, according to the WSJ's report. Neither U.S. intelligence nor similar agencies in the U.K. and South Korea have yet attributed the North Korean cyber shots to an unaffiliated hacking group, nation-state sponsored hackers or individuals.

In late November, Microsoft warned that North Korean and Russian state-backed hackers had intensified cyber attacks on seven unnamed pharmaceutical companies researching vaccines and treatments for COVID-19, located in Canada, France, India, South Korea and the U.S. Although Microsoft has blunted a majority of the attacks, a few have gotten through security defenses baked into its products, Tom Burt, Microsoft customer security & trust corporate vice president, said in a blog post.

Those offensives were set in motion by the Russia-based Strontium crew, also known as Fancy Bear and APT28, and two actors originating from North Korea that Microsoft dubbed Zinc and Cerium. Microsoft previously identified Strontium as responsible for attacks on some 200 organizations, including political campaigns and advocacy groups. Most of the prey are vaccine makers with COVID-19 immunizations in various stages of clinical trials. Among them is a clinical research organization involved in trials, and another has developed a COVID-19 test, Burt said. A number of targets have contracts or investments with government agencies related to COVID-19 research and development.

“We think these attacks are unconscionable and should be condemned by all civilized society,” Burt wrote. “We’ve notified all organizations targeted, and where attacks have been successful, we’ve offered help,” wrote Burt. “These are just among the most recent attacks on those combating COVID-19. Cyber attacks targeting the health care sector and taking advantage of the pandemic are not new.”

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.