North Korean hackers ‘targeting AstraZeneca researchers’ for Covid-19 vaccine secrets

As British drug developer AstraZeneca races to deploy its vaccine for the Covid-19 virus, suspected North Korean hackers have been trying to break into the company’s computer systems, Reuters is reporting.

The hackers posed as recruiters on WhatsApp and networking site LinkedIn to approach AstraZeneca staff with fake job offers, sources said. They then sent attachments claiming to be job descriptions that were laced with malicious code designed to gain access to the victim’s computer.

The hackers targeted a “broad set of people” including researchers working on the Covid-19 experimental vaccine, said one of the sources, but they are not thought to have been successful.

Reuters’ sources, who spoke on condition of anonymity, said the tools and techniques used in the attacks showed they were part of an ongoing hacking campaign that US officials and cybersecurity researchers have attributed to North Korea.

The campaign has previously focused on defence and media organisations but turned to Covid-related targets in recent weeks, according to experts who have investigated the attacks.

Cyberattacks against health bodies, vaccine scientists and drug makers have soared during the Covid-19 pandemic as state-backed and criminal hacking groups go to any lengths to obtain the latest research and information about the outbreak.

Western officials say any stolen information could be sold for profit or used to give foreign governments a valuable strategic advantage as the world fights the killer disease trashing economies around the globe.

Microsoft said this month it had seen two North Korean hacking groups target vaccine developers in multiple countries, including by “sending messages with fabricated job descriptions”. Microsoft did not name any of the targeted organisations.

Some of the accounts used in the attacks on AstraZeneca were registered to Russian email addresses, one of the sources said, in a possible attempt to mislead investigators.

Reuters has previously reported that hackers from Iran, China and Russia have attempted to break into leading pharma developers and even the World Health Organisation this year. Tehran, Beijing and Moscow have all denied the allegations.

North Korea has been blamed by US prosecutors for some of the world’s most damaging cyberattacks, including the 2016 theft of US$81 million from the Central Bank of Bangladesh, and unleashing the Wannacry ransomware virus in 2017.

Pyongyang has described the allegations as part of attempts by Washington to smear its image.

AstraZeneca, which has emerged as one of the top three Covid-19 vaccine developers, declined to comment.