North Korea-linked hackers posing as recruiters on LinkedIn have targeted one of the leading developers of a COVID-19 vaccine.
According to a Reuters report citing two people with knowledge of the matter, hackers using techniques and tools previously linked to North Korea have attempted to break into the networks of pharmaceuticals giant AstraZeneca, which is currently working on a COVID-19 vaccine.
The British company last week reported a 90 per cent efficiency rate for its vaccine, with a lower rate reported for another part of the trial.
Earlier this month, the hackers posed as recruiters on LinkedIn and WhatsApp to approach a “broad set of people” including AstraZeneca staff with pretend job offers.
The hackers then sent documents pretending to be job descriptions to these staff members which included malicious code that would have given the hackers access to the AstraZeneca computers, according to the report.
Some of the emails used in this phishing campaign were registered in Russia in an apparent attempt to draw attention away from their actual origin, according to the sources.
The hackers were unsuccessful in their attempt to access AstraZeneca’s network, the report said.
“The sources, who spoke on the condition of anonymity to discuss non-public information, said the tools and techniques used in the attacks showed they were part of an ongoing hacking campaign that US officials and cybersecurity researchers have attributed to North Korea,” the report said.
The hacking group linked to North Korea has previously used the same tools to target defence companies and media organisations, but appears to have turned to COVID-19 research now.
AstraZeneca declined to comment on the Reuters report, as did the North Korean mission to the United Nations in Geneva.
This is a potentially lucrative focus for hackers, with COVID-19 research fetching a high sum or used by foreign governments to gain a strategic advantage.
There has been a significant uptick in cyber attacks targeting medical research and healthcare organisations this year in light of the COVID-19 pandemic.
Last month, tech giant Microsoft warned that it had seen two North Korean hacking groups go after COVID-19 vaccine developers across a number of countries, using a similar method as described in the recent report. The South Korea government has said that it has prevented some of these attempts.
In April, Iranian hackers were linked to a phishing campaign targeting employees of the World Health Organisation.
In July, Russian hackers stole COVID-19 research following cyber attacks on medical research centres that had been tasked with finding a vaccine for the virus, according to a joint advisory from intelligence agencies based in the UK, US and Canada.
Also that month, a US grand jury indicted two alleged Chinese hackers over a decade-long career of cyber espionage and intellectual property theft which allegedly included targeting COVID-19 research this year.
It seems many of these parties didn’t get the message earlier this year from some hackers that they would not be targeting hospitals and healthcare centres with ransomware attacks this year during the pandemic.