fake pictures
Hackers sponsored by the governments of Russia and North Korea have targeted companies directly involved in research into COVID-19 vaccines and treatments, and in some cases the attacks have been successful, said Microsoft Friday.
In all, seven top companies were targeted, said Tom Burt, vice president of customer trust and security at Microsoft. They include vaccine makers with COVID-19 vaccines at different stages of clinical trials, a clinical research organization involved in the trials, and a developer of a COVID-19 test. They have also targeted organizations with contracts or investments from government agencies around the world for work related to COVID-19. The targets are in the United States, Canada, France, India and South Korea.
“Microsoft is asking world leaders to assert that international law protects healthcare facilities and to take action to enforce the law,” Burt wrote in a blog post
. “We believe the law should be enforced not only when attacks originate from government agencies, but also when they originate from criminal groups that governments allow, or even facilitate, to operate within their borders. It is a criminal activity which cannot be tolerated ”.
One of the attack groups involved is Strontium, Microsoft’s nickname for Russian government-sponsored hackers. They use password propagation and brute force login attacks that bombard servers with large numbers of credentials in the hopes of guessing the right ones. Last year, Microsoft detected printers and other devices infected with Strontium and used them as bridgeheads to compromise the networks to which they are connected. Most recently, Microsoft said Strontium targeted the Trump and Biden campaigns.
Two other groups, called Zinc and Cerium, work on behalf of the North Korean government. Both use spear phishing emails, with Zinc and Cerium manufacturing job recruiters posing as representatives of the World Health Organization.
“Most of these attacks have been blocked by security protections built into our products,” Burt said of the activities of the three groups. “We notified all target organizations and, when the attacks were successful, we offered to help.”
Friday’s blog post comes two weeks after officials from three US government organizations warned ransomware hackers were targeting hundreds of US hospitals.
Other attacks, Burt said, targeted hospitals in the Czech Republic, France, Spain, Thailand and the United States. In September, a patient died after a ransomware attack redirected her to a remote hospital in Germany.
In April, Microsoft announced that it would make its AccountGuard threat notification service available to healthcare and human rights organizations working on COVID-19. To date, 195 organizations have registered. Microsoft now protects 1.7 million email accounts for health-related groups.