+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

North Korean hackers tried to trick COVID-19 vaccine makers by posing as WHO officials

Nov 16, 2020, 16:52 IST
Business Insider
Supreme Leader of North Korea Kim Jong Un.Getty
  • North Korean and Russian state-backed hacking groups have tried to target COVID-19 vaccine-makers, Microsoft said in a blog post on Friday.
  • One of the North Korean groups, known as Cerium, tried to gain access to systems by sending "spear-phishing" emails posing as WHO officials.
  • A second North Korean group, pretending to be recruiters, sent emails containing phoney job descriptions.
Advertisement

State-backed hackers are trying audacious tactics to break into the systems of COVID-19 vaccine-makers.

In a blog post Friday, Microsoft detailed several attempted cyberattacks it had detected in recent months that targeted companies working on COVID-19 vaccines and treatments. Microsoft said three state-hacking groups, one Russian and two from North Korea, conducted the attacks.

Although it did not name the targets, Microsoft said they included seven "prominent" companies involved in researching COVID-19 vaccine and treatment development across the US, Canada, France, India, and South Korea.

One of the North Korean groups, known as Cerium, tried to gain access by posing as World Health Organization officials.

"Cerium engaged in spear-phishing email lures using COVID-19 themes while masquerading as World Health Organization representatives," Microsoft said.

Advertisement

Spear-phishing is a type of email scam where attackers pose as someone their target trusts to try to glean confidential information.

The other North Korean hacking group, known as Zinc, also used spear-phishing, although it chose a significantly less high-profile disguise. According to Microsoft, its hackers posed as recruiters, and sent emails with fake job descriptions.

The Russian group, named Strontium, used a brute-force technical approach known as "password spray."

"These are attacks that aim to break into people's accounts using thousands or millions of rapid attempts," Microsoft said in its blog post.

It is not clear from Microsoft's post exactly whether the hackers were looking to steal information from the companies, sabotage them, or had other motivations.

Advertisement

Over the course of the pandemic, developing a vaccine has become something of a new space race. Russian President Vladimir Putin said in August that the country had approved the world's first coronavirus vaccine named Sputnik V — although health experts raised serious concerns over its efficacy and safety.

Earlier in November, two days after US company Pfizer announced it had developed its vaccine that it said was 90% effective at protecting people against COVID-19, the Russian Direct Investment Fund (RDIF) put out a statement claiming that Sputnik V was 92% effective.

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article