Microsoft: Russia and North Korea are attacking vaccine makers’ networks

Microsoft claims to have seen cyber attacks on seven pharmaceutical companies working on covid-19 vaccines in recent months. The attacks would come from Russia and North Korea.

Microsoft provides some details about the attacks on vaccine makers in a call the company is directing governments to do more against online attacks on the health sector. The company does not name names, but speaks of pharmaceutical companies and makers and researchers of covid-19 vaccines and tests from Canada, France, India, South Korea and the United States being attacked.

A group of cyber criminals called Strontium is said to be partly responsible for the attacks. This is a so-called state actor, who would work on behalf of Russia and is also known as APT28 or Fancy Bear. This grouping would try to gain access to accounts by massively trying out login data.

In addition, Microsoft has been able to trace attacks to Zinc and Cerium, two groups that would operate on behalf of North Korea. Zinc would focus on spear phishing to gain access, in particular by directing people to a fake site with messages with vacancies. Cerium, in turn, would send messages supposedly from members of the World Health Organization to gain trust.

Microsoft claims to have discovered and repelled the majority of attacks, or to help if attacks proved successful. The attackers are likely trying to access results related to covid-19 vaccines and tests. The attacked companies have agreements with certain governments for their work and the delivery of eventual vaccines.