A North Korean hacking group is allegedly targeting staff members of British-Swedish vaccine developer AstraZeneca with fake job offers. The job descriptions they send, however, contain malicious code designed to deploy a Trojan on the victim’s machine as soon as the victim opens the file.
Prime Vaccine Candidate
Over the last few weeks, Pfizer, Moderna and AstraZeneca have emerged as the top three Covid-19 vaccine developers. AstraZeneca’s two-shot vaccine candidate demonstrated high efficacy. The company is now hurrying to submit their data to authorities around the world for conditional or early approval.
In fact, all three developers are breaking records. Typically, it takes several years to go from the development stage to an approved vaccine. Moreover, AstraZeneca has promised to make their vaccine available at cost price. This is expected to be around $3 (€2.50) per dose. AstraZeneca developed their vaccine in partnership with the University of Oxford.
Comparatively, Moderna’s vaccine will most likely cost around $25 per dose, while Pfizer entered a contract with the US Biomedical Advanced Research and Development Authority (BARDA) to provide vaccines at $19.50 per dose.
Hackers Pose as Recruiters
In recent weeks, two sources told Reuters that hackers have tried to break into the systems of AstraZeneca. To do so, the hackers posed as recruiters. They used networking site LinkedIn as well as messaging service WhatsApp to approach AstraZeneca staff members.
According to Reuters’ report, the hackers targeted a broad set of people, including staff members working on the Covid-19 vaccine. The tools and techniques they use point to a North Korean hacking group that previously focused on defense companies and media organizations.
Once the hackers established contact with their target, they sent documents with so-called job descriptions. These documents, however, are laced with malicious code. As soon as victims open one of the documents, the malware deploys a Trojan. The aim is to gain access to the victim’s computer. Fortunately, so far, the hackers’ attempts have been unsuccessful.
Any stolen information could be very valuable. Hackers can use the data or information as leverage to extort victims, sell information to another party, or grant foreign governments an important strategic advantage. Even more unscrupulous is the fact that these attacks disrupt organizations fighting the pandemic.
Earlier this month, Tom Burt, Corporate Vice President, Customer Security and Trust at Microsoft, condemned hackers targeting vaccine makers and other organizations combating Covid-19. His message included a warning about a North Korean actor called “Zinc”, which is known to pose as a recruiter and use phishing lures with fabricated job descriptions.
North Korea has previously denied any involvement in these or any other cyberattacks. Pyongyang officials said any allegations are part of repeated attempts to smear the country’s image. Some of the emails sent to AstraZeneca staff members appear to originate from Russia. According to one of Reuters’ sources, this seemed to be an attempt to mislead investigators.