After China, Iran and Russia, North Korea is the latest to be fingered for attempting to steal Western research into COVID-19. Its target? AstraZeneca.
North Korean hackers used sham recruiting schemes to try to breach AstraZeneca’s systems in recent weeks, Reuters reported, citing two people familiar with the matter.
The alleged cyberattacks, which are not thought to have been successful, came as the British drugmaker was knee-deep in developing a COVID-19 vaccine while working on a coronavirus antibody cocktail.
The hacking targeted a “broad set of people,” including those working on COVID research, according to one Reuters source.
The hackers disguised themselves as recruiters on LinkedIn and WhatsApp. In messages sporting fabricated job offers came e-documents with malicious code designed to gain access to the target employee's computer, the sources told the newswire.
Judging by the hackers’ tools and techniques, the sources said they looked to be part of an ongoing hacking scheme by Pyongyang. The campaign, which previously focused on military and media organizations, has pivoted to COVID-related entities, three people who have investigated the attacks told Reuters.
Biopharma companies have routinely been targeted in cyberattacks but reported hacking incidents and attempts appear to have surged during the pandemic.
Before North Korea, cybersecurity officials from the U.S., U.K. and Canada accused hackers with Russian intelligence ties of trying to steal information and intellectual property around COVID-19 vaccines by using malware. Russia itself has denied any involvement in the attacks. To combat the accusations, Russia facilitated a licensing deal between local drugmaker R-Pharm and AstraZeneca to produce and distribute doses of the company’s experimental COVID shot AZD1222.
In the suspected North Korean attack on AZ, some of the social media accounts used were registered with email addresses from Russia in a bid to mislead investigators, one of Reuters’ sources said.
In addition, China and Iran have also been named by the U.S. government for launching cyberattacks aimed at stealing COVID-related research from pharma companies and health agencies.
India’s Dr. Reddy’s Laboratories was recently forced to isolate all data centers and shut key plants globally after detecting a cyber breach. That incident came on the heels of the company's clearance to start a phase 2/3 trial of Russia’s COVID vaccine, Sputnik V.