Microsoft discovered Russia- and North Korea-linked cyberattacks on COVID-19 vaccine research

Microsoft said Friday it has discovered cyberattacks from groups linked to Russia and North Korea aimed at coronavirus vaccine research.

“In recent months, we’ve detected cyberattacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for Covid-19,” wrote Tom Burt, Microsoft corporate vice president, on the company’s blog. “The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the United States. The attacks came from Strontium, an actor originating from Russia, and two actors originating from North Korea that we call Zinc and Cerium.”

Mr. Burt wrote that a majority of the targets are vaccine makers with COVID-19 vaccines in clinical trials, but noted that one target was a clinical research organization and another target had developed a coronavirus test.

The Russia-linked cyberattackers used “password spray and brute force login attempts” relying on thousands or millions of rapid attempts to steal login credentials and break into accounts, Mr. Burt wrote.

Microsoft said it found the North Korea-linked cyberattackers primarily use spear phishing to seek credentialed access to their targets, and posed as World Health Organization representatives and as job recruiters. Spear phishing is a scam using electronic communications, often email, to gain improper access or information about a particular target.

The cyberattackers identified by Microsoft have not limited their malicious activity to coronavirus and the healthcare industry. In September, Microsoft said cyberattackers from the same Russian-linked group had attacked more than 200 political campaigns, consultants, advocacy groups and others including the German Marshall Fund.

The large cyberattack surface for hostile foreign adversaries comes as the U.S. federal government has warned of a growing cybersecurity workforce shortage. In October, the Department of Homeland Security said there were 299,000 active openings for cybersecurity jobs and global projections estimated a cybersecurity workforce shortage of 1.8 million by 2022.

At the end of October, DHS said its Science and Technology Directorate and the Cybersecurity and Infrastructure Security Agency awarded $2 million to a group led by the University of Illinois at Urbana-Champaign to come up with a plan for the federal government to “build a national network of cybersecurity technical institutes.”