Russian and North Korean hackers have penetrated Covid-19 vaccine companies, Microsoft says

Russian President Vladimir Putin stands with a gun at a shooting gallery of the new GRU military intelligence headquarters building as he visits it in Moscow November 8, 2006
Vladimir Putin poses at the headquarters of Russia's GRU intelligence agency, now linked to cyber-attacks against vaccine researchers Credit: ITAR-TASS/Reuters

Hackers working for Russia and North Korea have broken into the online systems of drug companies developing coronavirus vaccines, Microsoft has said.

The tech giant, whose software protects 195 healthcare organisations covering about 1.7m email accounts, said it had seen repeated intrusions by three known hacking groups against vaccine makers and other research bodies in the US, Canada, France, India and South Korea.

Tom Burt, vice president of customer security and trust, said that while the majority of the attacks had been unsuccessful, some had gotten through, and demanded that governments take a stronger hand against state-backed hacking gangs.

He named one of the units as "Fancy Bear", or Strontium, the Western designations for a Russian hacker group thought to be linked to the GRU intelligence agency and infamous for its highly effective intervention in the 2016 US election.

Mr Burt also fingered the North Korean Lazarus Group, referred to as Zinc by Microsoft, which is believed to have orchestrated the hacking of Sony Pictures in 2016 and the WannaCry attack in 2017. The latter shut down hundreds of thousands of computers around the world and temporarily paralysed many NHS hospitals.

The third group, named Cerium, is relatively unknown, but used targeted fake emails appearing to be from World Health Organisation officials to steal victims' logins.

Mr Burt said: "We think these attacks are unconscionable and should be condemned by all civilised society. We're sharing more about the attacks we've seen most recently and are urging governments to act.

"At a time when the world is united in wanting an end to the pandemic and anxiously awaiting the development of a safe and effective vaccine for Covid-19, it is essential fo world leaders to unite around the security of our healthcare institutions and enforce the law against cyberattacks targeting those who endeavour to help us all."

It is the latest stage in a cyber-war that has simmered since the beginning of the coronavirus pandemic, with multiple nations snooping on each other's research programmes. It also comes after massive ransomware attacks on hospitals across the world for an unknown purpose, which have caused at least one death of a patient in Germany.

In May, British and American intelligence agencies said they had seen increasing attacks against healthcare and research bodies, while the FBI and the US Department of Homeland Security warned that Chinese hackers had been observed trying to steal information about vaccines, treatments and Covid-19 tests.

Government cyber-attacks are traditionally hard to respond to because of the difficulty of decisively identifying their culprits and finding or disrupting their tools. Since 2016, the US has adopted a more aggressive posture, sometimes launching retaliatory attacks on rival nations in an attempt at deterrence.

License this content