Coronavirus: suspected North Korean hackers pose as recruiters to target vaccine firm AstraZeneca
- The intruders posed as recruiters on LinkedIn to approach the UK drug maker’s staff with fake job offers
- They then sent documents purporting to be job descriptions that were laced with malicious code designed to gain access to a victim’s computer
The hackers posed as recruiters on networking site LinkedIn and WhatsApp to approach AstraZeneca staff with fake job offers, the sources said. They then sent documents purporting to be job descriptions that were laced with malicious code designed to gain access to a victim’s computer.
The hacking attempts targeted a “broad set of people” including staff working on Covid-19 research, said one of the sources, but are not thought to have been successful.
The North Korean mission to the United Nations in Geneva did not respond to a request for comment. Pyongyang has previously denied carrying out cyberattacks. It has no direct line of contact for foreign media.
AstraZeneca, which has emerged as one of the top three Covid-19 vaccine developers, declined to comment.
01:29
US indicts Chinese men for hacking related to coronavirus vaccine data and defence secrets
The campaign has previously focused on defence companies and media organisations but pivoted to virus-related targets in recent weeks, according to three people who have investigated the attacks.
Cyberattacks against health bodies, vaccine scientists and drug makers have soared during the Covid-19 pandemic as state-backed and criminal hacking groups scramble to obtain the latest research and information about the outbreak.
Western officials say any stolen information could be sold for profit, used to extort the victims, or give foreign governments a valuable strategic advantage as they fight to contain a disease that has killed 1.4 million people worldwide.
AstraZeneca to run fresh vaccine trial after issues with current test
South Korean lawmakers said on Friday that the country’s intelligence agency had foiled some of those attempts.
Some of the accounts used in the attacks on AstraZeneca were registered to Russian email addresses, one of the sources said, in a possible attempt to mislead investigators.
Pyongyang has described the allegations as part of attempts by Washington to smear its image.