Posing as recruiters on WhatsApp and LinkedIn, the hackers contacted AstraZeneca staff with “job offers” and sent documents with malicious code, according to individuals familiar with the situation. The hackers allegedly targeted a “broad set of people,” attempting to trick staffers working on the company’s coronavirus vaccine.
Interestingly, some of the accounts involved in the attacks were reportedly registered to Russian email addresses, which was seen as an attempt by North Korea to deceive investigators.
The attacks seem to be part of an ongoing campaign Western officials and security experts have long warned about and repeatedly attributed to North Korea. North Korean hackers have previously taken aim at media organizations and defense companies, but they seem to have shifted their focus to drug makers and health bodies.
Pyongyang has also been accused of hacking Sony Pictures in 2014, releasing the WannaCry ransomware virus in 2017 and stealing $81 million from the Central Bank of Bangladesh.
Earlier this month, Microsoft said that hackers based in North Korea have targeted vaccine developers in multiple countries, and South Korea revealed that its intelligence agency stopped similar efforts.
North Korea has strongly pushed back against these accusations, saying that the United States is trying to damage its reputation.
Hackers from China, Russia and Iran have also tried to break into the systems of Western pharmaceutical companies, according to Reuters, though they have denied these allegations.
As Bloomberg reported, earlier this year, hackers targeted top officials at the World Health Organization (WHO), including Director-General Tedros Adhanom Ghebreyesus.
“The cybersecurity team has never been busier, and we’ve had to increase resources to try to protect ourselves and be vigilant,” the organization’s chief information officer Bernardo Mariano said at the time, explaining that the hackers were “looking for the highest targets — the key officials involved with the COVID-19 work.”
“This is unprecedented for everyone here. We’re doing what we can to mitigate it,” he said, noting that the WHO has doubled the size of its cybersecurity team and shut down potentially vulnerable systems.
In May, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) accused China-sponsored actors of trying to “compromise” American organizations involved in coronavirus research.
“These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research. The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options,” the FBI and CISA said in a joint statement.