Microsoft President Brad Smith, shown here at a 2019 event in Seattle, said Friday that accountability and information sharing will be key to countering cyberattacks against COVID-19 vaccine developers. (GeekWire Photo / Kevin Lisota)

Microsoft says it has detected cyberattacks by hackers operating in Russia and North Korea against seven companies working on COVID-19 treatments and vaccines.

The tech giant described the cyberattacks in a post Friday morning, calling them “unconscionable” and saying they “should be condemned by all civilized society.”

“The key to this is accountability, and there will only be accountability if there is the kind of information sharing that can enable governments to assess what’s happening and then hold other governments, the nation-states that are violating these norms, accountable,” said Brad Smith, the Microsoft president, appearing virtually Friday at the Paris Peace Forum.

Microsoft is calling for more governments and organizations to join the Paris Call for Trust and Security in Cyberspace. The U.S., China and Russia have not signed on.

“I don’t see any path forward to success without more progress among the governments of the world,” Smith said. “And I say this at a time when I’m more optimistic about the leadership of my own government, the United States government, as we look to the new administration and the four years ahead.”

Microsoft said the attacks took place in recent months, targeting “leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the United States.”

“Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials. One is a clinical research organization involved in trials, and one has developed a Covid-19 test,” wrote Tom Burt, Microsoft’s corporate vice president of customer security and trust, without disclosing the names of the companies or researchers. “Multiple organizations targeted have contracts with or investments from government agencies from various democratic countries for Covid-19 related work.”

Microsoft says the attackers include the Russian organization Strontium, also known as Fancy Bear, the same group believed to be responsible for the 2016 attacks against the Democratic presidential campaign and more recent attacks targeting the 2020 Republican and Democratic presidential campaigns.

In the COVID-19 attacks, Microsoft says the group used tactics including password spray, in which commonly used passwords are tried with a large number of user names, in addition to other brute-force attempts to break into accounts using tools that automatically guess a variety of passwords.

One North Korean organization, known as Zinc, attempted to steal login credentials by posing as job recruiters, using fabricated job descriptions, according to the company. Another, Cerium, tried a similar tactic, posing as World Health Organization officials.

Microsoft says the majority of the attacks were blocked by its security tools. The company has notified the organizations targeted by the attacks, and has offered assistance in cases where the attacks were successful.
