Covid-19 Vaccine Research in India, Abroad Bombarded by North Korean, Russian Hackers
Vials with a sticker reading, 'COVID-19/Coronavirus vaccine/Injection only', and a medical syringe are seen in front of a displayed AstraZeneca logo in this illustration taken October 31, 2020. (Image: Reuters/Dado Ruvic)
Cyber security experts believe state-sponsored RATs and APTs from North Korea and Russia are largely behind a renewed wave of cyber attacks targeting Covid-19 vaccine research projects, and that the attacks will continue in the near future.
- Last Updated: November 24, 2020, 18:00 IST
Covid-19 vaccine research is possibly the most critical field for pharmaceutical giants across the world right now, with billions of people held hostage by the coronavirus for almost a year. Naturally, this research is of immense importance worldwide, and it is this area that is now seeing significantly increased targeting by state-backed hackers. According to incident reports from numerous cyber security watchdogs, including Cybereason, Eset, Microsoft and many others, this spurt of cyber attacks will likely last for at least a year, with attackers identified as being from North Korea and Russia in particular involved in attempts to steal critical data.
Microsoft, for one, identified the infamous Lazarus group of North Korea, along with Cerium and Kimsuky (also from North Korea), as well as other advanced persistent threat (APT) attackers from Russia. Similar reports have also surfaced from Cybereason and the United Kingdom's National Cyber Security Centre, which identified noted threat actor APT29 as part of this spurt of cyber attacks. APT29 is a hacker group believed to be backed by national governments, and has already been noted for its state-level targeting of critical data. In the context of Covid-19 research projects, APT29 is seemingly working towards exfiltrating data related to medical trials and advancements.
Most hacker collectives are now targeting Covid-19 research projects in a similar vein, making the situation far more serious than in the initial months of Covid-19, a period when threat actors were targeting individuals with ransomware by spoofing Covid-19 data tools.
Explaining the impact of such attacks, Jake Moore, cyber security specialist at Eset, says, “We clearly need to maximise the security of these facilities in order to protect the intellectual property and medical research. The impact of a breach of this data could not only be catastrophic but also has the potential to delay the most important vaccine in generations. Such attacks can occur in a variety of ways, but so many have a success rate when hacking the human. Social engineering and highly-targeted phishing campaigns are still relatively successful and staff need to have measures in place to resist any misfortunate clicking or downloading.”
One Microsoft report highlighted targeted cyber crime activity linked to these APTs, which are remotely targeting pharmaceutical companies in India, Canada, France, South Korea and the USA. At least seven companies linked to Covid-19 research projects have already come under steady attack aimed at extracting key research data, including trial drug formulae, data sets from clinical Covid-19 vaccine trials, and other related data. The recent attacks on India’s Dr Reddy’s and the USA’s Pfizer serve as prime examples of how pharmaceutical companies are being targeted.
The main objective behind these attacks, then, is likely data theft, and this trend is expected to persist through the year. Significant ransom attempts cannot be ruled out, either.