North Korean state-sponsored hackers have repeatedly tried to hack into the computers of AstraZeneca plc, which is developing a COVID-19 vaccine that might be released in early 2021.
Posing as recruiters for popular job site LinkedIn and messaging site WhatsApp, the hackers tried to dupe the targeted AstraZeneca employees into believing they were being sent job offers from top tier corporations in an old fashioned spear-phishing attack.
The AstraZeneca employees were also sent attached job descriptions, which when opened would have unleashed malware compromising their computers and the company's network security.
Cybersecurity experts aware of the exploit said the North Korean attack zeroed in a broad set of employees, including those working on COVID-19 research. They claimed the attacks were unsuccessful.
Some of the accounts used in the attacks on AstraZeneca were registered to Russian email addresses to confuse investigators.
South Korean lawmakers said the National Intelligence Service (NIS), the country's intelligence agency, had foiled some of these cyberattacks.
The intrusions bore the hallmark of the infamous North Korean hacking group called "Zinc." Microsoft Corporation, which is working with the U.S. government to combat cyberattacks, said it had seen Zinc and another North Korean group target vaccine developers in multiple countries this month. It's caught Zinc "sending messages with fabricated job descriptions," which is the modus operandi in the attacks on AstraZeneca employees.
Zinc is being confronted by MSTIC or the Microsoft Threat Intelligence Center. This unit helps the U.S. Department of Defense thwart relentless cyberattacks from Russia, China, North Korea, and Iran.
MSTIC said hackers from China, like North Korea today, focus their attacks on medical institutions in the U.S. and Asia to steal information related to research on COVID-19 cures. Russia has also stolen secret research on coronavirus vaccines from laboratories in the United Kingdom.
On November 13, Tom Burt, Corporate Vice President for Customer Security & Trust at Microsoft, said the North Koreans and the Russians are currently targeting leading pharmaceutical and vaccine research organizations in Canada, France, India, South Korea, and the United States.
Burt revealed the list of targeted organizations is dominated by vaccine research companies with COVID-19 vaccines in various stages of clinical trials.
"Zinc has primarily used spear-phishing lures for credential theft, sending messages with fabricated job descriptions pretending to be recruiters," according to Burt.
The other North Korean hacking group named Cerium focuses its spear-phishing email lures on COVID-19 themes while masquerading as World Health Organization representatives.
