Russia, North Korea Accused Of Hacking Vaccine Research

By Ben Kochman

Law360 (November 13, 2020, 8:55 PM EST) -- Hackers linked to the Russian and North Korean governments have launched recent cyberattacks on "prominent" pharmaceutical companies and other institutions researching vaccines and treatments for COVID-19, Microsoft said Friday.

In a blog post, Microsoft's corporate vice president Tom Burt said that the technology giant's security team has in recent months detected attacks against seven companies "directly involved" in coronavirus-related research. Targets include pharmaceutical giants and vaccine researchers in the U.S., Canada, France, India and South Korea, including one organization that has developed its own COVID-19 test, Burt wrote.

Several of the targeted organizations have contracts with or investments from government agencies for work related to the pandemic, according to Microsoft. The attackers have used familiar techniques like posing as recruiters and sending their targets phishing emails inviting them to apply for jobs that do not exist, the blog post noted.

Some of the attackers also attempted to lure victims into divulging their usernames and passwords by sending COVID-19-themed phishing emails in which they masqueraded as representatives from the World Health Organization, while others used "brute force login attempts" in which they try to break into users' accounts by trying thousands or millions of possible passcodes, Microsoft said.

Microsoft said some of the attacks were successful, despite its security software blocking most of the hacking attempts. The company said it has notified all the organizations that it believes were targeted.

According to Microsoft's security team, the attacks came from a Russia-linked actor that it calls "Strontium," and North Korea-linked actors that it calls "Zinc" and "Cerium." Russia has denied that its government is behind any cyberattacks on COVID-19 vaccines, but the U.S., U.K. and Canadian governments accused the Kremlin in July of ordering attacks on coronavirus-related research.

In May, U.S. officials warned that malicious actors backed by the Chinese government are also aiming to steal American research on vaccines and treatments for COVID-19.

In its blog post, Microsoft's Burt said that the company is "calling on the world's leaders to affirm that international law protects health care facilities and to take action" against nations that will "enable" or help cybercriminal groups mount attacks on the health industry.

Cybersecurity experts have said that attacks on all industries have spiked amid the pandemic's work-at-home environment. But organizations in the health space, including hospitals, have seen a particularly high volume of cyberattacks, according to law enforcement, with some criminals attempting to lock such companies out of critical systems and extort them into paying ransoms.

"We believe the law should be enforced not just when attacks originate from government agencies but also when they originate from criminal groups that governments enable to operate — or even facilitate — within their borders," Burt wrote in Friday's blog post. "This is criminal activity that cannot be tolerated."

--Editing by Daniel King.
