Published on the 19/11/2020 | Written by Heather Wright
Microsoft names names in alleged state-sponsored hacking…
As the real-world battle against Covid-19 heats up, so too is the online battle against the virus, with Microsoft reporting numerous state-sponsored cyberattacks against leading pharmaceutical companies and vaccine researchers.
The tech giant says hackers backed by Russia and North Korea have been targeting leading companies and researchers in Canada, France, India, South Korea and the United States.
And while Microsoft is saying it blocked the ‘majority’ of attacks, it admits some were successful, though it’s not naming which companies were successfully hacked.
Both New Zealand and Australia have multiple separate agreements for vaccines.
The majority of the targets were vaccine makers with vaccines in various stages of clinical trials. Also targeted are a clinical research organisation involved in trials, and a company which has developed a Covid-19 test.
“Multiple organisations targeted have contracts with or investments from government agencies from various democratic countries for Covid-19 related work.
“We think these attacks are unconscionable and should be condemned by all civilised society,” Tom Burt, Microsoft corporate vice president, customer security and trust, says in a blog post, urging governments to take action.
One of the North Korean groups, which Microsoft calls Zinc, is better known as Lazarus Group – the group blamed for the 2016 Sony hack and the WannaCry ransomware spread the following year. This time around it’s been using spearphishing lures, pretending to be recruiters, for credential theft.
The second North Korean-backed group, which Microsoft calls Cerium, has also been using spearphishing email lures, this time masquerading as WHO representatives. The Russian actor, Strontium, uses password spray and brute force login attempts to steal login credentials.
The attacks have been underway for a number of months, with the UK’s National Cyber Security Centre, part of spy agency GCHQ, publishing an advisory in July warning of an ongoing campaign by Russian actors targeting organisations involved in vaccine development in the UK, US and Canada. The NCSC said at the time that the threat group was almost certainly part of Russian intelligence services.
While it didn’t name any targets, the University of Oxford, whom Australia has deals with for the AstraZeneca vaccine, has said it is working with the NCSC to protect its research, which is one of the most progressed vaccines in development and which, if proven to be safe and effective, could be available early next year.
Covid-19 is a hot area for attacks. The NCSC’s annual threat review report notes that of the 723 attacks the agency handled in the year to 31 August 2020, around 200 were Covid-related, including nation-state attacks and criminal campaigns, including fake shops selling PPE, test kits and even vaccines.
The average Joe Bloggs has also been a target, with cyber criminals opportunistically exploiting demand for information. Fake Covid-19 contact tracing apps, phishing-enabled fraud involving financial relief packages and payments, and the use of CV attachments to install credential-stealers and other malicious files on victims’ computers are among the activity reported this year.
While stealing research is a key motive at the top end, Andrew Hampton, director general of New Zealand’s Government Communications Security Bureau, recently noted that there have also been reports of state actors using malicious cyber activity to ‘promote narratives about the origins of the virus and their own, and other countries’ response to it’.
It’s those disinformation campaigns that are now the focus of GCHQ, which is reportedly using techniques developed to eliminate terrorist propaganda in an effort to prevent the spread of anti-vaccination disinformation campaigns. The tactics, used against Isis in 2018, reportedly include encrypting the operators’ data and blocking communications between the groups.
Pressure is also on the social media platforms as governments around the world rush to step up the war against anti-vax disinformation before Covid-19 vaccine campaigns get underway.
Facebook, Google and Twitter have all promised to crack down on anti-vaccine disinformation, responding to flagged content more swiftly and working with authorities to promote ‘scientifically accurate’ messages.
Keeping up with the constant flow of new anti-vax narratives, however, remains a challenge.