According to a report published by Reuters, suspected North Korea-linked hackers targeted AstraZeneca, one of the companies that are developing a COVID vaccine.
The attack attempts took place in recent weeks, two people with knowledge of the matter told Reuters. The attackers used a well-known tactic, the hackers posed as recruiters on popular social network platforms and instant messaging applications, including LinkedIn and WhatsApp, to approach AstraZeneca employees with fake job offers.
“They then sent documents purporting to be job descriptions that were laced with malicious code designed to gain access to a victim’s computer.” reported Reuters. “The hacking attempts targeted a “broad set of people” including staff working on COVID-19 research, said one of the sources, but are not thought to have been successful.”
Pyongyang has always denied carrying out cyberattacks on healthcare organizations and entities involved in the development of a vaccine.
The attribution to North Korea is based on the analysis of tools and techniques used in the cyber that presents significant overlaps on an ongoing hacking campaign that U.S. officials and cybersecurity researchers.
According to the experts, the same campaign also aimed at defence companies, media organisations, and COVID-related targets, such as vaccine scientists and drugmakers.
A report recently published by the Canadian Centre for Cyber Security, titled “National Cyber Threat Assessment 2020,” warns of risks associated with state-sponsored operations from China, Russia, Iran, and North Korea.
Nation-state actors linked to the above countries pose the greatest strategic threats to Canada and according to the report, they will continue to attempt to steal Canadian intellectual property, especially related to COVID-19.
Threat actors are carrying out cyber espionage campaigns and online influence campaigns.
South Korean lawmakers announced last week that the country’s intelligence agency had foiled cyber attacks.
Reuters added that some of the accounts employed in the attacks on AstraZeneca were registered to Russian email addresses, but one of the sources speculated that it could be a false flag used by the attackers.
At the time of writing, AstraZeneca declined to comment.
(SecurityAffairs – hacking, AstraZeneca)