In all the hoopla regarding new vaccine test success from Moderna and Pfizer, Microsoft has uncovered a series of cyber attacks coming from Russia and North Korea targeted at research companies doing those tests.
In a blog post, Microsoft says the attacks targeted seven major pharmaceutical companies and researchers in Canada, France, India, South Korea, and the U.S. Microsoft didn’t say which companies were targeted or what type of information may have actually been compromised or stolen, but officials said they had notified the organizations and offered help where the attacks were successful.
“Two global issues will help shape people’s memories of this time in history – COVID-19 and the increased use of the internet by malign actors to disrupt society. It’s disturbing that these challenges have now merged as cyberattacks are being used to disrupt health care organizations fighting the pandemic,” wrote Microsoft’s Tom Burt, Corporate Vice President, Customer Security & Trust.
“We think these attacks are unconscionable and should be condemned by all civilized society. Today, we’re sharing more about the attacks we’ve seen most recently and are urging governments to act.”
The attacks and the protection
There are actually three key players in the attacks: “Strontium,” an actor originating from Russia, and two actors originating from North Korea that Microsoft has dubbed “Zinc” and “Cerium.”
Strontium uses “password spray” and brute force login attempts to steal personal login credentials. The software it uses makes millions of rapid login attempts to get at a third party’s personal data. Zinc’s game is credential theft through spear-phishing: it poses as recruiters and sends messages with fabricated job descriptions. And Cerium? The angle it works is spear-phishing with email lures using COVID-19 themes while masquerading as World Health Organization representatives.
Luckily, Burt says the “majority” of the attacks have been blocked by security protections built into the company’s products. The company is continuing to make its threat notification service, “AccountGuard,” available for free to health care and human rights organizations working on COVID-19.
The company says that 195 health care-related groups have enrolled in the service, and it now protects 1.7 million email accounts that those organizations serve.