KEY POINTS

  • Kimsuky hacker group targeted at least six drugmakers
  • The cyberattacks targeted companies developing COVID-19 treatment
  • Russian and North Korean hackers attacked AstraZeneca in November

A group of North Korean hackers has targeted half a dozen pharmaceutical companies in the United States, United Kingdom and South Korea in a coordinated cyberattack.

Kimsuky, a notorious hacker group, targeted drugmakers working on potential coronavirus vaccines and treatments as part of an effort to steal sensitive information that could be sold or weaponized by the North Korean regime.

Authorities said any stolen information could be used to extort victims or give foreign governments a strategic advantage.

Since August, the hackers have worked to infiltrate U.S. companies Johnson & Johnson and Novavax Inc. The hackers also launched coordinated cyberattacks on South Korean companies Genexine Inc., Shin Poong Pharmaceutical Co. and Celltrion Inc., sources told the Wall Street Journal.

Both American drugmakers are working on experimental vaccines for the novel coronavirus, while the three South Korean pharmaceutical companies are holding early clinical trials of their COVID-19 drugs.

The “Kimsuky” hackers create e-mail accounts that enable them to pose as colleagues or friends. The messages contain malicious attachments that , when clicked on, would allow hackers to penetrate the targets’ computer systems.

It is unclear whether the hackers have stolen crucial information from any of their target companies.

The latest hacking attempt came a week after Kimsuky attempted to break into the systems of British biopharmaceutical company AstraZeneca, two people familiar with the incident told Reuters.

The hackers reportedly posed as recruiters on LinkedIn and WhatsApp, where they found and approached AstraZeneca employees with fake job offers. They then sent a document containing “more information about the job.” It was later discovered that the files had malicious codes designed to grant the hackers access to their target’s computers.

The “Kimsuky” hackers targeted multiple employees, including people who were working on crucial coronavirus research. However, the hacking attempt was unsuccessful.

In November, Microsoft said it had detected cyberattacks against seven firms involved in researching and producing COVID-19 treatments. The cyberattacks had been traced to a Russian hacker group “Strontium,” which also is called “Fancy Bear,”and two North Korean groups named “Zinc” and “Cerium,” the New York Post reported.

“The majority of these attacks were blocked by security protections built into our products. We’ve notified all organizations targeted, and where attacks have been successful, we’ve offered help,” Microsoft said.

The tech company refused to reveal how many of the attacks had been successful. They also declined to give more information on what kind of data breaches the hackers caused.

hacker-bitcoin-cryptocurrency-money-finances-laptop-illegal-getty_large
Cryptocurrency Getty