COVID-19 vaccine and treatment researchers in Canada, the United States and other countries are being targeted by threat actors in Russia and North Korea, says a Microsoft executive.
Tom Burt, corporate vice-president for customer security and trust, said in a blog today that is one reason why Microsoft’ president Brad Smith will urge nations participating in the Paris Peace Forum today to affirm that international law protects health care facilities and to take action to enforce the law.
“We believe the law should be enforced not just when attacks originate from government agencies but also when they originate from criminal groups that governments enable to operate – or even facilitate – within their borders,” Burt wrote. “This is criminal activity that cannot be tolerated.”
“We think these attacks are unconscionable and should be condemned by all civilized society.”
This isn’t the first report of cyber attacks on healthcare researchers. As far back as April Palo Alto Networks warned of ransomware attacks against institutions. However, Burt said the recent attacks seen by Microsoft aimed at seven prominent companies directly involved in researching vaccines and treatments for Covid-19. One interpretation is the attackers are looking for research to steal.
Microsoft says the targets include “leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the United States.”
It attributes the attacks to a group it calls Strontium, an actor originating from Russia, and two actors originating from North Korea which Microsoft calls Zinc and Cerium.
“Strontium continues to use password spray and brute force login attempts to steal login credentials,” Burt said. “Zinc has primarily used spear-phishing lures for credential theft, sending messages with fabricated job descriptions pretending to be recruiters. Cerium engaged in spear-phishing email lures using Covid-19 themes while masquerading as World Health Organization representatives.”
Microsoft notes that more than 65 health care-related organizations have joined the November 2019 Paris Call for Trust and Security in Cyberspace. They include organizations like pharmaceutical giant Merck, top hospitals like Hospital Metropolitano in Ecuador, and government health institutes like Poland’s National Institute of Public Health. Microsoft also notes that earlier this year, the CyberPeace Institute and International Committee of the Red Cross led an effort by 40 international leaders calling on governments to stop the attacks on healthcare.
In May a group of the world’s most prominent international law experts, in what has become known as the Oxford Process, issued a statement making it clear that international law protects medical facilities at all times, Burt added. In August, the Oxford Process issued a second statement emphasizing that organizations that research, manufacture and distribute of Covid-19 vaccines are also protected.