November 28, 2020
‘Miltenyi Biotec,’ one of the companies that are currently in the race for the development of a COVID-19 vaccine and treatment, announced a ransomware incident. The statement confirmed that the attack was successful, resulting in the impairment of parts of the IT infrastructure, mostly affecting order processing. According to Bleeping Computer, the actors behind this attack are the “Mount Locker” gang, who have already leaked 5% of a total of 150 GB of data that they stole about ten days ago.
At the same time, Microsoft has published a blog post calling on cybercriminals to stop targeting COVID-19 vaccine research centers and describing their activities as unconscionable. As the tech company revealed, almost all attacks originate from Strontium, Zinc, and Cerium.
Strontium is an actor based in Russia, while Zinc and Cerium originate from North Korea. Their targets are mainly firms operating in the pharma sector, including vaccine researchers in Canada, France, India, South Korea, and the United States.
The majority of the targets are already far along in developing a COVID-19 vaccine, as they are in various stages of clinical trials. By targeting them, hackers can help other teams of scientists, possibly based in their country of origin, to greatly accelerate the development of their own vaccine and do it at a very low cost.
As for the methods of attack, Strontium is using password spraying and brute-forcing to steal login credentials. Zinc is setting up highly targeted spear-phishing campaigns that supposedly come from recruiters. Cerium follows the same phishing path, but they prefer to impersonate representatives of the World Health Organization instead. In several cases, the attackers were successful, and Microsoft went on to inform the victims even at the last moment.
We do not expect cybercriminals to stop these activities any time soon, so ramping up security and protection against hacker attacks is crucial for these organizations. There have been numerous public pleas on the topic, coming from the United Nations, the Red Cross, the CyberPeace Institute, and more. COVID-19 vaccine research is simply too valuable for hackers, possibly state-supported ones, not to target at this time.