
South Korea Claims North Korea Tried Hacking Pfizer

Reported Attempt at Stealing COVID-19 Data Comes in Wake of Global Warnings

South Korean intelligence officials allege that North Korean hackers attempted to steal COVID-19 vaccine and treatment data by hacking the U.S. pharmaceutical firm Pfizer, Reuters reports.


The news comes on the heels of warnings in recent months by global law enforcement agencies, as well as Microsoft and Kaspersky, about the surge of state-sponsored hackers targeting COVID-19 drug makers and supply chain players.

Pfizer did not immediately respond to Information Security Media Group's request for comment.

In addition to the report of Pfizer being targeted, South Korea's National Intelligence Service claims to have foiled attempts by North Korea to hack into South Korean firms developing coronavirus vaccines, Reuters reports.

Seeking a Profit?

North Korea has been accused of turning to an army of hackers "to fill its cash-strapped coffers" amid international sanctions that ban most international trade with it, Reuters reports. So, some health experts speculate that the country's hackers appear more interested in selling the stolen data than using it to develop a homegrown vaccine.

North Korean Leader Kim Jong Un has repeatedly insisted that the country has had no coronavirus cases, although outside experts doubt those assertions, CBS News reports.

Nonetheless, North Korea is expected to receive nearly 2 million doses of the AstraZeneca-Oxford COVID-19 vaccine by the first half of this year through the COVAX vaccine-sharing program, Reuters reports.

Previous Warnings

Law enforcement officials and security firms have for months been warning about North Korean and Russian hackers targeting research organizations involved in COVID-19 vaccine development.

Security firm Kaspersky in December warned that the Lazarus Group, a North Korean advanced persistent threat gang, targeted an unnamed national ministry of health and a drug manufacturer involved in developing a coronavirus vaccine in an attempt to steal information.

Also in December, the international law enforcement organization Interpol warned of a potential surge in organized crime activity tied to COVID-19 vaccines.

Those alerts followed a report Microsoft issued in November warning of three state-sponsored APT groups - Strontium in Russia and Zinc and Cerium in North Korea - targeting companies across the globe involved in COVID-19 vaccine and treatment development (see: APT Groups Target Firms Working on COVID-19 Vaccines).

Strontium is also referred to by security researchers as FancyBear and APT28. Zinc is better known as The Lazarus Group, while Cerium appears to be a new group.

And last summer, a joint advisory - issued by the U.S. National Security Agency, the Cybersecurity and Infrastructure Security Agency, the U.K.’s National Cyber Security Center and Canada’s Communications Security Establishment - said the Russian-affiliated APT29 cyber espionage group - also known as "Cozy Bear" and the "Dukes" - was targeting research entities "highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines." (See: US, UK, Canada: Russian Hackers Targeting COVID-19 Research).

A Persistent Threat

Some experts warn the cyberthreats facing the healthcare sector aren't likely to subside.

"State-sponsored industrial espionage is as time-tested and common as peering over a classmate’s shoulder to cheat on a science test," says Greg Garcia, executive director of cybersecurity at the private/public Health Sector Coordinating Council.

"The pandemic probably intensified the cheating competition for bragging rights, profits and an advantage to national health. But the espionage won’t end with the pandemic."

Kelvin Coleman, executive director of the National Cyber Security Alliance, offers a similar assessment. "As long as vaccine data will continue to keep changing and evolving in response to the pandemic itself, you’re going to continue to see bad actors making an attempt to steal it from multiple points of vulnerability," he says.

The vaccine data attack surface is much more than the data housed in a research facility, lab or corporate setting, he adds. "The entire vaccine supply chain is at risk these days. Even the cold storage companies heading up vaccine transport and storage have been hit by malware and hospitals housing vaccines have been hit by ransomware. This is an entirely different environment than before vaccine distribution began happening."

Coleman adds that healthcare sector entities need to stay vigilant.

"Continued education and awareness efforts, such as taking internal steps to make sure that employees can more easily spot a phishing attempt, and finally, that medical equipment and any devices that are connected to a network are patched with the latest in security updates and firmware," are important steps, he says.

"In reality, the types of attacks that cyber criminals are regularly using aren’t necessarily new, groundbreaking or high-tech. These tactics haven’t changed because they still work and the environment they’re attacking is target rich while lacking basic protections that are too often overlooked – for example, strong alphanumeric passwords, multi-factor authentication throughout systems, firewalls and file-level encryption measures."


About the Author

Marianne Kolbasuk McGee


Executive Editor, HealthcareInfoSecurity

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek's healthcare IT media site.



