Russian and North Korean hackers are targeting COVID-19 vaccine researchers

Microsoft's security researchers say they've stopped several attempted cyberattacks against pharmaceutical companies in recent months.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
3 min read

Hackers are sending phishing emails to vaccine researchers, Microsoft said.

Yulia Reznikov / Getty Images

Hackers from Russia and North Korea are looking to phish their way out of the coronavirus pandemic, Microsoft said Friday. The tech giant released details on cyberattack campaigns it's spotted against pharmaceutical companies and COVID-19 vaccine researchers around the world in a plea for governments to step in. 

The coronavirus pandemic is expected to get much worse during the winter, as the number of deaths and infection cases continue to rise. While measures like wearing masks and social distancing can help reduce the amount of cases, researchers are racing to create a vaccine that would give a more permanent solution to the pandemic. 

On Nov. 9, Pfizer announced its vaccine had a 90% effective rate during its trial period. Cyberattacks have spiked during the pandemic, and health care workers are a growing target

In July, officials from the US, UK and Canada called out Russia for attempting to hack COVID-19 vaccine researchers, while the FBI warned in May that Chinese hackers were targeting researchers for data related to COVID-19 testing. 

In a blog post on Friday, Microsoft's vice president on customer security and trust Tom Burt detailed what these hacking attempts look like. The company declined to disclose which vaccine researchers had been targeted but noted that they included clinical research organizations running vaccine trials and one that has developed a COVID-19 test. 

Russia's hacking efforts have mostly been brute-force login attempts, which try to access accounts by using a bot that tries all possible combinations of credentials. 

North Korea's hacking efforts have been more targeted, sending crafted email lures to employees and researchers. The emails would pretend to come from the World Health Organization or job recruiters, Burt said. 

Watch this: Vaccines, antibody tests, treatments: The science of ending the pandemic

The majority of the hacking attempts were blocked, but they indicate the efforts that nation-state hackers are taking to steal research for a COVID-19 vaccine. Burt called for governments to take action against Russian and North Korean hackers behind these efforts, but he didn't clarify what they should be. 

"At a time when the world is united in wanting an end to the pandemic and anxiously awaiting the development of a safe and effective vaccine for COVID-19, it is essential for world leaders to unite around the security of our health care institutions and enforce the law against cyberattacks targeting those who endeavor to help us all," the Microsoft executive said in his post. 

Governments frequently charge hackers from Russia, China and North Korea for cyberattacks like the NotPetya attack, the Equifax breach and the WannaCry ransomware, but extradition laws make it unlikely that the hackers will face consequences. 

If the hackers are acting on behalf of their country's military orders, it's even less likely that their governments would punish them for those cyberattacks. 

Microsoft is a part of a coalition of organizations that want governments to work together to stop cyberattacks on healthcare providers

"We believe the law should be enforced not just when attacks originate from government agencies but also when they originate from criminal groups that governments enable to operate – or even facilitate – within their borders," Burt said. "This is criminal activity that cannot be tolerated."