State-backed actors from Russia and North Korea have launched cyber attacks against at least seven companies researching COVID-19 vaccines and treatments in India, USA, Canada, France and South Korea, Microsoft announced on November 13. Of these companies, one is a clinical research organisation involved in trials while another has developed a COVID-19 test. A number of targets have government contracts or investments for COVID-19 related work, Microsoft said. We have reached out to Microsoft to find out which Indian companies were targeted.

Who is behind the attack?

Three nation-state actors — one from Russia (Strontium, also known as Fancy Bear, APT 28, Pawn Storm) and two from North Korea (Zinc, also known as Lazarus and Hidden Group; and Cerium).

The modus operandi: As per Microsoft, the three advanced persistent threat (APT) groups used different ways to target companies:

Strontium used password spray (using common passwords to break into multiple accounts) and brute force (trying multiple passwords on one account) login attempts to steal login credentials.

Zinc used spearphishing tactics (luring people with specially crafted emails and messages) to steal credentials. They masqueraded as recruiters and sent fabricated job descriptions.

Cerium used COVID-19 related themes in its spearphishing emails and donned the guise of the World Health Organisation (WHO).

Dr Reddy, Lupin targeted by cyber attackers in the past

On October 22, Dr Reddy’s Laboratories disclosed that it was a victim of a cyber attack which it later revealed to be a ransomware attack. The disclosure came five days after the pharmaceutical…
