Microsoft has recently alerted governments across the globe that the North Korean hacker groups Cerium and Zinc, as well as the Russian hacker group Strontium, have been targeting organisations involved in COVID-19 vaccine research using brute-force, credential stuffing and spear-phishing attacks.
Tom Burt, Microsoft’s Corporate Vice President for Customer Security & Trust, said in a blog post that nation-state actors have been targeting research organisations in France, Canada, South Korea, India, and the United States. In his post, Burt said, “Zinc has primarily used spear-phishing lures for credential theft, sending messages with fabricated job descriptions pretending to be recruiters. Cerium engaged in spear-phishing email lures using Covid-19 themes while masquerading as World Health Organisation representatives.” He added, “The majority of these attacks were blocked by security protections built into our products. We’ve notified all organizations targeted, and where attacks have been successful, we’ve offered help.”