Russian, North Korean hacker groups targeted COVID-19 research companies in India, elsewhere: Microsoft

State-backed actors from Russia and North Korea have launched cyber attacks against at least seven companies researching COVID-19 vaccines and treatments in India, USA, Canada, France and South Korea, Microsoft announced on November 13. Of these companies, one is a clinical research organisation involved in trials while another has developed a COVID-19 test. A number of targets have government contracts or investments for COVID-19 related work, Microsoft said.

We have reached out to Microsoft to know which Indian companies were targeted.

Who is behind the attack? Three nation-state actors — one from Russia (Strontium, also known as Fancy Bear, APT 28, Pawn Storm) and two from North Korea (Zinc, also known as Lazarus and Hidden Group; and Cerium).

The modus operandi: As per Microsoft, the three advanced persistent threat (APT) groups used different ways to target companies:

  • Strontium used password spray (using common passwords to break into multiple accounts) and brute force (trying multiple passwords on one account) login attempts to steal login credentials.
  • Zinc used spearphishing tactics (luring people with specially crafted emails and messages) to steal credentials. They masqueraded as recruiters and sent fabricated job descriptions.
  • Cerium used COVID-19 related themes in its spearphishing emails and donned the guise of the World Health Organisation (WHO).
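
The two login-attack patterns defined in the list above leave different shapes in authentication logs, and the following added example (not code from Microsoft or from this article) tells them apart per source address. The event format, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def build_sample_events():
    """Constructed login events; IPs are RFC 5737 documentation addresses."""
    t0 = datetime(2020, 11, 13, 9, 0, 0)
    events = []
    for i in range(12):   # one guess against each of 12 accounts
        events.append((t0 + timedelta(seconds=20 * i), "203.0.113.10", f"user{i:02d}", "FAIL"))
    for i in range(15):   # 15 guesses against a single account
        events.append((t0 + timedelta(seconds=5 * i), "198.51.100.7", "alice", "FAIL"))
    # an ordinary user mistyping twice before succeeding
    events.append((t0, "192.0.2.44", "bob", "FAIL"))
    events.append((t0 + timedelta(minutes=1), "192.0.2.44", "bob", "FAIL"))
    events.append((t0 + timedelta(minutes=2), "192.0.2.44", "bob", "SUCCESS"))
    return events

def classify_sources(events, window=timedelta(minutes=30),
                     spray_accounts=10, brute_failures=10):
    """Label each source IP by the shape of its failed logins in a sliding window.
    Thresholds are illustrative assumptions, not values from the article."""
    failures = defaultdict(list)
    for ts, src, account, result in events:
        if result == "FAIL":
            failures[src].append((ts, account))
    verdicts = {}
    for src, fails in failures.items():
        fails.sort()
        verdicts[src] = "normal"
        start = 0
        for end in range(len(fails)):
            # shrink the window so it never spans more than `window` of time
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_account = Counter(acct for _, acct in fails[start:end + 1])
            if max(per_account.values()) >= brute_failures:
                verdicts[src] = "brute_force"      # many failures, one account
                break
            if len(per_account) >= spray_accounts:
                verdicts[src] = "password_spray"   # few failures each, many accounts
                break
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(build_sample_events()).items()):
        print(src, verdict)
```

Grouping by source address is the simplest view; a spray spread across many addresses needs the same counting keyed on time window alone, since per-account lockout thresholds do not trip on one failure per account.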

Dr Reddy, Lupin targeted by cyber attackers in the past

  • On October 22, Dr Reddy’s Laboratories disclosed that it was a victim of a cyber attack which it later revealed to be a ransomware attack. The disclosure came five days after the pharmaceutical company had announced that it, along with Russia’s sovereign wealth fund Russian Direct Investment (RDIF), had received approval from the Drugs Controller General of India (DGCI) to conduct a phase 2/3 human clinical trial for the Sputnik V vaccine in India. As part of a September 2020 partnership, RDIF will supply 100 million doses of the vaccine to Dr Reddy upon regulatory approval in India.
  • A fortnight after the Dr Reddy incident, Mumbai-based pharma company Lupin Limited also confirmed an “information security incident” that had affected its IT systems. In August, the company had launched a drug, called Favipiravir, to treat patients with mild to moderate COVID-19 symptoms in India.

It’s not just Indian companies that have been targeted. Hackers linked to the Chinese government also targeted American biotech company Moderna Inc., which has been working on developing a COVID-19 vaccine. As per Reuters, China has rejected this accusation. In July 2020, the US Department of Justice had charged two Chinese hackers who, among other things, targeted companies developing COVID-19 vaccines, tests and treatments.

Lazarus Group sounds familiar

Lazarus Group from North Korea has been suspected to be behind a number of cyber attacks in India.

  • In June 2020, the Indian Computer Emergency Response Team (CERT-In) had warned about a large-scale phishing campaign against Indian citizens and businesses under the pretext of dispensing government funds for COVID-19 related initiatives. CERT-In’s resources suggested that Lazarus was behind the attack.
  • As per a Kaspersky report from September 2019, Lazarus had created a spyware called Dtrack that Kaspersky had discovered in Indian ATMs in 2018 and was used to steal customer data.
  • The malware that infected Kudankulam Nuclear Power Plant’s external network in September 2019 had similar strains to Dtrack. Dtrack also had similarities with another campaign — DarkSeoul — in 2013 that targeted three television stations and a bank in South Korea along with ATMs and mobile payments in the country.


MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
