Not just AstraZeneca: Hackers targeted 5 other COVID-19 drug developers, vaccine cold chain suppliers

North Korean hackers have targeted AstraZeneca, Johnson & Johnson, Novavax, Celltrion, Genexine and Shin Poong Pharmaceutical, all of which are working on COVID-19 vaccines or treatments. (xijian/iStockPhoto)

A few days ago, North Korean hackers were accused of cyberattacking COVID-19 vaccine frontrunner AstraZeneca. Turns out, the British pharma wasn’t alone on Pyongyang’s hunting list.

North Korean hackers have also tried to steal information from U.S. COVID vaccine developers Johnson & Johnson and Novavax, The Wall Street Journal reported, citing people familiar with the matter.

And how can they forget their neighbor South Korea? The totalitarian state also made attempts at three South Korean drugmakers working on COVID-19 vaccines or therapeutics: Celltrion, Genexine and Shin Poong Pharmaceutical, according to the newspaper.

The attacks date back as early as August, the sources told WSJ. They appeared to have come from the same group of hackers involved in previous North Korean assaults on the U.S. State Department and South Korea’s Ministry of Unification, a department responsible for North Korean affairs, the people said.

In some cases, the hackers, in a typical phishing attempt, would pretend to be colleagues or other acquaintances of the victim, sending out messages under fake email accounts with malicious attachments or links that once clicked on could give the hackers access to a computer.

Suspected North Korean hackers had previously disguised themselves as recruiters to approach AstraZeneca employees online and used fake job description e-documents to make inroads into the company’s computer system, Reuters reported Friday.

J&J said it remains vigilant against cyberattacks, and Novavax said it’s aware of the invasion attempt and is working with government agencies and commercial cybersecurity experts, according to the WSJ.

Meanwhile, as the U.K. has authorized Pfizer and BioNTech’s COVID vaccine BNT162b2 for emergency use, and as more products are on the verge of approval, hackers have found a new target—coronavirus vaccine supply chains.

“A global phishing campaign” has eyes on organizations associated with COVID-19 cold chain, IBM’s cybersecurity experts said in a blog post Thursday. The Pfizer/BioNTech shot requires storage at -70 degrees Celsius, Moderna’s mRNA-1273 requires regular freezer temperatures of -20 degrees Celsius, and AZ’s AZD1222 also must be transported at normal refrigerated conditions.

IBM’s COVID task force found bogus emails impersonating an executive at China’s Haier Biomedical, which is purportedly the world’s only complete cold chain provider. The company is also a qualified supplier for Gavi, The Vaccine Alliance’s Cold Chain Equipment Optimization Platform.

The hacking campaign, which started in September, used phishing emails as requests for quotations related to the Gavi program. The emails contained malicious attachments that were designed to steal credentials to gain access, according to the IBM report. The targets included a German website development company, which supports clients across the biopharma industry, among others.

AZ recently reported that its University of Oxford-partnered COVID vaccine candidate, AZD1222, was on average 70% effective in protecting people against the disease in a phase 3 trial, but that rate was largely driven by a 90% showing in a small subgroup of patients who mistakenly took a half dose for the first injection. The British drugmaker is now nearing an emergency nod in its home country but is also preparing to run another phase 3 trial to answer questions around the half-dose regimen.

J&J’s COVID vaccine candidate, dubbed JNJ-78436735, has just started a rolling review with the European Medicines Agency and Health Canada as the phase 3 Ensemble trial of the single-dose regimen is slated to read out. Meanwhile, the U.S. pharma has launched a second global phase 3 to test the vaccine as a two-dose regimen.

Celltrion is one of the frontrunners in developing anti-SARS-CoV-2 antibodies. Its candidate, CT-P59, is currently in a phase 3 trial. And data from its global phase 1 trial in a small group of patients showed the treatment could cut recovery time by about 44% compared with placebo.

The FDA has so far granted emergency use authorizations to Eli Lilly’s AbCellera-shared bamlanivimab and Regeneron’s antibody cocktail of casirivimab and imdevimab, which President Donald Trump got after contracting the virus. AstraZeneca also has a dual-drug antibody cocktail, called AZD7442, in phase 3 studies.

The cyberattack accusations came shortly after Microsoft fingered North Korea and Russia for targeting seven “prominent companies directly involved in researching vaccines and treatments for COVID-19.”

The hackers from North Korea used fabricated job descriptions and phishing emails meant to look as though they were coming from World Health Organization representatives, according to a Microsoft blog post from last month. The Russian attackers took a more straightforward approach, simply making thousands or millions of login attempts to infiltrate company systems, according to the report.

In addition to North Korea and Russia, China and Iran have also been accused of backing hackers in attempts to break into the networks of companies working on COVID research.