Microsoft warns Russian, North Korean hackers targeting groups researching COVID-19 vaccines

Microsoft warned Friday that it has witnessed efforts by Russian and North Korean hacking groups to target pharmaceutical companies and coronavirus vaccine researchers.

The announcement is part of a wider effort by the company to take action against these attacks.

“In recent months, we’ve detected cyberattacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for Covid-19,” Tom Burt, the corporate vice president of customer security and trust at Microsoft, wrote in a blog post.

“The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the United States.”

Burt wrote that the three advanced persistent threat groups involved were a Russian group known as “Strontium” and two North Korean groups known as “Zinc” and “Cerium.”

Strontium, also known as “Fancy Bear,” is the same group that hacked into the Democratic National Committee’s networks ahead of the 2016 U.S. presidential election.

Microsoft warned in September that Russia, China and Iran were targeting the 2020 U.S. elections, and noted that the Strontium hacking group had targeted more than 200 organizations, political campaigns and parties over the past year as part of this effort.

Burt noted that most of the groups targeted by the hacking groups were “vaccine makers that have Covid-19 vaccines in various stages of clinical trials.”

“One is a clinical research organization involved in trials, and one has developed a Covid-19 test,” Burt wrote. “Multiple organizations targeted have contracts with or investments from government agencies from various democratic countries for Covid-19 related work.”