Russia and North Korea launch ‘disturbing’ cyberattacks on Covid vaccine labs

The US software giant has called the attacks “criminal activity that cannot be tolerated”, and is urging governments to act. The firm says the targets include healthcare research companies in Canada, the US, France and more.

It comes as companies around the world rush to develop vaccines and other treatments to halt the spread of COVID-19.

Microsoft has said it has detected attacks from three sources – one in Russia and two in North Korea.

It referred to the Russian actors as ‘Strontium’ and to the North Korean ones as ‘Zinc’ and ‘Cerium’.

Strikingly, it said the “majority” of the attacks targeted firms involved in vaccine development, including one conducting trials.

Microsoft said: “We think these attacks are unconscionable and should be condemned by all civilized society.

“Two global issues will help shape people’s memories of this time in history – Covid-19 and the increased use of the internet by malign actors to disrupt society.

READ: China and Russia could be banned from takeover of UK companies over national security

These attempts – known as password spray attacks – can use millions of password guesses in rapid succession.

The North Korea-based ‘Zinc’ and ‘Cerium’ attacks took a different approach. These took the form of phishing scams, whereby the scammers pose as someone else in order to trick the victim into giving out information.

In this case, the North Korean organisations posed as job recruiters and World Health Organisation representatives in emails.

Microsoft said it had blocked most of the attacks using security software installed in its products – though it admitted some had been successful.

The firm added: “We’ve notified all organizations targeted, and where attacks have been successful, we’ve offered help.

“We believe the law should be enforced not just when attacks originate from government agencies but also when they originate from criminal groups that governments enable to operate – or even facilitate – within their borders.”

The cyberattacks are not the only ones to have targeted healthcare organisations in recent times.

Last month, the US Cybersecurity and Infrastructure Security Agency, along with the FBI, warned of “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers”.

The warning came amid what analysts have called a “wave of ransomware attacks” which hit as many as 20 medical facilities in the country.

Tom Hottman, a spokesperson for Sky Lakes Medical Center, which was affected, told NBC News the attacks had impacted on radiation treatments for cancer patients.

He added: “We’re still able to meet the care needs for most patients using work-around procedures, i.e. paper rather than computerized records. It’s slower but seems to work.”

source: express.co.uk