Microsoft noted that these targets are vaccine makers that have Covid 19 vaccines in various strategies of clinical trials and those that have developed Covid 19 tests. Furthermore, these targeted companies have contracts with or investments from government agencies from democratic countries for Covid 19 related work. Microsoft has named the state-actor from Russia, Strontium, and two actors originating from North Korea, Zinc and Cerium.
As per the tech giant, Strontium makes attempts to steal login credentials whereas Zinc is involved in spear-phishing lures for credential theft which involves sending messages pretending to be recruiters and Cerium again is involved in spear-phishing to lure COVID-19 themes pretending as World Health Organisations (WHO) representatives.
“Strontium continues to use password spray and brute force login attempts to steal login credentials. These are attacks that aim to break into people’s accounts using thousands or millions of rapid attempts. Zinc has primarily used spear-phishing lures for credential theft, sending messages with fabricated job descriptions pretending to be recruiters. Cerium engaged in spear-phishing email lures using Covid-19 themes while masquerading as World Health Organization representatives,” Microsoft in a blog post noted.
According to the company, the majority of these attacks were blocked by security protections built into Microsoft’s products. Microsoft also noted that this is not the first time that healthcare companies were targetted by cyberattacks and that attackers recently used ransomware attacks to target hospitals and healthcare organizations across the United States.
Microsoft’s president Brad Smith participated in the Paris Peace Forum where he urged the governments to do more. "Microsoft is calling on the world’s leaders to affirm that international law protects health care facilities and to take action to enforce the law. We believe the law should be enforced not just when attacks originate from government agencies but also when they originate from criminal groups that governments enable to operate or even facilitate within their borders. This is a criminal activity that cannot be tolerated," Microsoft noted.
In this year’s Paris Peace Forum, more than 65 healthcare-related organizations have joined the Paris Call for Trust and Security in Cyberspace. According to Microsoft, the Paris Call remains the “largest multi-stakeholder coalition addressing these issues” to prevent malicious cyber activities that threaten indiscriminate or systemic harm to people and critical infrastructure.