Wednesday, December 2

Which countries and hackers are targeting Covid vaccine developers? | Coronavirus


Russia’s best-known hacker groups, Fancy Bear and Cozy Bear, are considered to be linked to the country’s intelligence organizations, according to Western security agencies.

Fancy Bear, the better known of the two, is linked to GRU military intelligence and is accused of being behind the hacking of the computers of the Democratic Party of the United States in the run-up to the 2016 presidential election, the product of which was leaked. widely.

Microsoft, which calls the Strontium group, last week he accused Fancy Bear of Targeting Covid-19 vaccine manufacturers through the use of “password spray and brute force login attempts,” attacks that use “thousands or millions” of quick attempts to gain access to the network by guessing the password.

In July, the British agency NCSC accused Cozy Bear, linked in various ways to Russia’s national FSB and foreign SVR agencies, of targeting drug research laboratories in the United Kingdom, the United States and Canada. Their goal, NCSC said, is likely to be “to steal information and intellectual property related to the development and testing of Covid-19 vaccines.”

The group’s hackers sought to break into a wide variety of medical research-related systems, often trying to exploit known vulnerabilities that were not fixed to try to gain long-term access.


China has been accused of engaging in piracy activities by the West for many years, with units linked to the country’s People’s Liberation Army previously at the helm.

In 2015, the President of China, Xi Jinping, and the then President of the United States, Barack Obama, reached an agreement promising not to “knowingly support cyberspace-enabled theft of intellectual property” for business advantage, prompting a partial withdrawal and then restructuring.

As relations between the United States and China deteriorated, particularly after Donald Trump took office, Chinese activity resumed, this time linked to the country’s Ministry of State Security (MSS), the main civil espionage agency. from the country.

Chinese groups tend to focus more on economic gains than politics, according to Mandiant FireEye researchers, than they did last year. identified a group known as APT41, whose “espionage has broadly aligned with China’s five-year economic development plans.”

Despite the pandemic, APT41, sometimes known as the Wicked Panda, started the year with substantial campaigns attempting to exploit security vulnerabilities in corporate IT networks on the Internet, including UK government systems.

In September, the US FBI presented charges against what he said were five key figures in APT41, in which he said that one of whom had told a colleague that he was “very close” to the MSS. China denies involvement in espionage related to hacking.


Iran, one of the countries most affected by the coronavirus, was accused of attacking the World Health Organization in early April using phishing techniques, in which emails were sent to encourage staff members to click on a link containing malware in an attempt to steal passwords and gain access to systems.

A similar type of Iranian attack on Gilead Research, the American manufacturer of the antiviral drug remdesivir, which is believed to be a possible treatment for Covid-19, was detected by researchers at the Israeli cybersecurity firm ClearSky. In one case, a senior executive responsible for legal and corporate affairs was on the receiving end of a phishing email.

Cybersecurity researchers say that several groups of hackers operate from Iran, involved in both political and economic attacks. One investigator said Gilead’s target had similarities to the methods used by the Charming Kitten group, previously accused of aimed at journalists, academics and human rights activists in Iran, sometimes posing as journalists.

North Korea

Western governments link North Korean hacker groups to the country’s General Reconnaissance Office. Microsoft accused the best known group, generally known as Lazarus but by the American software company as Zinc, since it is dedicated to the impersonation (spear phishing) or email attacks directed against people who work in research organizations related to Covid-19.

He said techniques used by Lazarus or Zinc included “spear-phishing decoys for credential theft, sending messages with fabricated job descriptions pretending to be recruiters.” Another group, named Cerium by Microsoft, used the same email spear phishing methods, but this time posing as WHO representatives.

Lazarus first emerged around 2014 in the consciousness of Western cybersecurity groups and before Covid-19 was accused of being involved in a wide range of activities.

Last year, the United States Treasury, announcing sanctions against the group, said it had been involved in the Destructive WannaCry ransomware attack in 2017, particularly affecting the NHS in the UK, compromising systems in a third of hospitals and 8% of GP consultations. British agencies have made a similar attribution.


Other countries have also been named for pursuing Covid-19 secrets through hacking. In April, FireEye said it had detected an operation. conducted by a Vietnamese group, which carried out intrusion campaigns against China in the early phases of the pandemic crisis between January and April.

Spear phishing messages were sent to public authorities in Wuhan, the site of the first significant outbreak of the disease, with malware hidden under the guise of a live New York Times blog with the latest news from the crisis.

style="display:block" data-ad-client="ca-pub-3066188993566428" data-ad-slot="4073357244" data-ad-format="auto" data-full-width-responsive="true">

Leave a Reply

Your email address will not be published. Required fields are marked *