Cybercriminals target UK COVID research

Suspected North Korean hackers have targeted staff at British pharma company AstraZeneca as it conducts clinical trials of the COVID vaccine it developed with Oxford University.

The cybercriminals used phishing emails to target employees at AstraZeneca. Posing as recruiters on WhatsApp and LinkedIn, they persuaded employees looking for a change of job to download “job descriptions” that were stuffed with malware.

Given the timing of the campaign, it’s almost certain that data on the vaccine trials was the target.

The UK has recently bought at least 5 million doses of Moderna’s COVID vaccine, with a claimed effectiveness of 95%, as well as 355 million doses of other potential vaccines developed by other companies, and is monitoring the trials of AstraZeneca’s vaccine.

A Reuters exclusive, from unknown sources “with knowledge of the matter”, revealed that the hackers targeted a wide range of employees at AstraZeneca, including those working on the research. Although they’re not thought to have succeeded, their modus operandi was characteristic of an ongoing hacking campaign US officials and researchers attribute to North Korea.

The UK’s National Cyber Security Centre (NCSC) responded to the report by saying it was providing ongoing, proactive support to British healthcare organisations, was fully committed to protecting the vaccine research, and had been making the security of the health sector as a whole its top priority since the start of the pandemic. It described the sector as “our most critical asset”.

However, the NCSC refused to give any specific info on what did or didn’t happen at AstraZeneca, saying it doesn’t normally give out updates on organisational matters.

This comes in the wake of Microsoft’s recent warning about North Korean hacker groups Cerium and Zinc and Russian group Strontium launching cyberattacks on organisations working on vaccine research in the US, Canada, India, France, and South Korea.