It has been reported that UK drug company AstraZeneca has been targeted by suspected North Korean hackers thought to be looking for COVID vaccine secrets.

Used WhatsApp and LinkedIn

Over the last few weeks, attacks have reportedly been launched on AstraZeneca’s systems by hackers posing as recruiters. The bogus recruiters used LinkedIn and WhatsApp to target AstraZeneca staff with fake job offers and hid malware in the job description documents that were sent to those staff members. Opening the documents would have launched malware that would enable an attack on the drug company’s systems.

COVID-19 Vaccine

Since the first attempts to develop a vaccine, governments and drug companies have warned about and prepared for state-sponsored attacks from many different countries.

AstraZeneca is currently one of the top three COVID-19 vaccine developers after working with Oxford University to develop a vaccine with an overall efficacy of 70 per cent, a low of 62 per cent, and a high of 90 per cent (for a half dose followed by a full dose). In the US, the FDA has said that any COVID-19 vaccine must be at least 50 per cent effective to be useful in fighting the pandemic.

North Korean?

The attacks on AstraZeneca have been identified as likely to have been the work of North Korea-based hackers because the tools and techniques closely resemble those being used as part of an ongoing hacking campaign that first targeted defence and media company systems.

It is likely, therefore, that the shift in focus followed recent announcements of the success of the Oxford vaccine development.

China

Back in July, it was reported that hackers linked to the Chinese government had targeted vaccine research developer Moderna Inc in the U.S.

Microsoft Says “Cyberattacks Targeting Health Care Must Stop”

Microsoft recently posted on its blog to say that cyberattacks targeting health care must stop and identified Russian hackers known as “Strontium” and two hacking groups from North Korea known as “Zinc and Cerium” as being recent culprits. Microsoft said that Strontium has been using password spray and brute force login attempts to steal login credentials, Zinc has been using spear-phishing lures for credential theft, and “sending messages with fabricated job descriptions pretending to be recruiters”. Microsoft also reported that Cerium had been using “spear-phishing email lures using COVID-19 themes while masquerading as World Health Organisation”.

What Does This Mean For Your Business?

State-sponsored attacks and attempted interference in the processes of other countries are now widespread and expected, and are a kind of ongoing ‘warfare’ that all countries must deal with. COVID-19 has severely damaged economies and laid waste to many businesses. Getting effective vaccines approved and into the population of many countries is a vital step in giving businesses a chance of finding more stability and making a recovery, so attacks on vaccine-makers are clearly a real cause for concern. This is one of the reasons why Microsoft’s President, Brad Smith, has recently called for world leaders to do more to uphold international law that protects health care facilities, and to enforce the law against attacks by government agencies and by criminal groups that governments facilitate or enable to operate.