Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

APT

Three APT groups have targeted at least seven COVID-19 vaccine makers

At least the three nation-state actors have targeted seven COVID-19 vaccine makers, they are Strontium, Lazarus Group, and Cerium, Microsoft warns. Microsoft revealed that at least three APT groups have targeted seven companies involved in COVID-19 vaccines research and treatments. “In recent months, we’ve detected cyberattacks from three nation-state actors targeting seven prominent companies directly […]

Oxford University Lab

At least the three nation-state actors have targeted seven COVID-19 vaccine makers, they are Strontium, Lazarus Group, and Cerium, Microsoft warns.

Microsoft revealed that at least three APT groups have targeted seven companies involved in COVID-19 vaccines research and treatments.

“In recent months, we’ve detected cyberattacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for Covid-19.” reads the post published by Microsoft. “The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the United States. The attacks came from Strontium, an actor originating from Russia, and two actors originating from North Korea that we call Zinc and Cerium.”

Microsoft linked the attacks to the Russia-linked Strontium APT group (aka APT28Fancy BearPawn StormSofacy Group, and Sednit)  and two North Korea-linked groups tracked as Zinc (aka Lazarus Group) and Cerium.

The group mainly targeted vaccine makers that are testing Covid-19 vaccines, one of them is a clinical research organization involved in trials, while another one has developed a Covid-19 test. Several organizations targeted by the APT groups that have contracts with or investments from government agencies for Covid-19 related work.

Strontium hackers launched password spraying and brute-force attacks to break into victim accounts and steal sensitive information.

Zinc APT targeted the centers with spear-phishing campaigns aimed at employees working at the targeted companies using messages pretending to be sent by recruiters.

Cerium APT also launched Covid-19 themed spear-phishing campaigns using messages that pretend to be sent by representatives from the World Health Organization.

The targets were located in Canada, France, India, South Korea, and the United States, according to Microsoft.

Microsoft revealed that the majority of the attacks were blocked by protections implemented in its solutions, the IT giant already notified all organizations that were breached by the hackers.

Unfortunately, these attacks are just the tip of the iceberg, the healthcare industry is a privileged target for hackers that are also attempting to take advantage of the ongoing pandemic.

Threat actors recently targeted several hospitals and healthcare organizations in the United States. In the last months, hackers hit several hospitals and organizations involved in the response to the pandemic, including the Brno University Hospital in the Czech Republic, Paris’s hospital system, hospitals in Spain and Thailand.

“Today, Microsoft’s president Brad Smith is participating in the Paris Peace Forum where he will urge governments to do more. Microsoft is calling on the world’s leaders to affirm that international law protects health care facilities and to take action to enforce the law.” concludes the post. “We believe the law should be enforced not just when attacks originate from government agencies but also when they originate from criminal groups that governments enable to operate – or even facilitate – within their borders. This is criminal activity that cannot be tolerated.”

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, COVID-19)

[adrotate banner=”5″]

[adrotate banner=”13″]