What you need to know
- Microsoft detected Russian and North Korean hackers targeting data related to COVID-19 research.
- The primary target of the attacks include vaccine researchers and leading pharmaceutical companies.
- Microsoft has offered help to targeted organizations.
Microsoft reports that it's detected multiple cyber attacks by nation-state actors that target companies involved in researching treatments and vaccines for COVID-19. The targets include companies in Canada, France, India, South Korea, and the United States, though Microsoft did not share the names of the companies. According to Microsoft, the attacks come from three nation-state actors, one from Russia and two originating from North Korea.
Microsoft states that the majority of the attacks were stopped by security protections built into its products, but that it's offered help to organizations that have been successfully hacked.
The Russian actor is known as Strontium, but is better known as APT28 or Fancy Bear, as pointed out by Tech Crunch. It utilizes password spraying and brute force login attempts to steal login credentials. The goal of its attacks is to break into people's accounts.
The two North Korean actors are known as Zinc and Cerium. Zinc, also known as the Lazarus Group, primarily uses spear-phishing lures to steal people's credentials. Zinc pretended to be a recruiter and sent messages to people with fake job descriptions. Cerium also uses spear-phishing lures. Cerium pretended to be World Health Organization representatives.
Microsoft's news of the detected attacks coincides with the Paris Peace Forum. Microsoft president Brad Smith is calling on governments to do more at the forum today. "Microsoft is calling on the world's leaders to affirm that international law protects health care facilities and to take action to enforce the law," says Microsoft in its blog post.
