Microsoft has said that they have detected hacking attempts on Covid-19 researchers. The Covid hackers are believed to be sponsored by Russian and North Korean governments. Microsoft has urged world leaders to take criminal action against the two countries
Russia and North Korea sponsored hackers are targeting researchers and companies involved in the development of the Covid vaccine, according to technology giant Microsoft. The targeted researchers are located in India, the United States, Canada, France and South Korea. The hackers have also succeeded in collecting information from the researchers in some cases, according to the company.
Microsoft vice-president for customer security and trust Tom Burt said in his blog post that so far seven key companies have been targeted. They include vaccine researchers at different stages of clinical trials. A developer of Covid test and a clinical research organisation involved in trials have also been targeted, Burt said.
Read the full text here
This poses potential risks for organisations that have received contracts or investments from governments for Covid-related researches. Both Russia and North Korea have denied the claims.
Serum Institute of India (SSI), the world’s largest vaccine manufacturer by volume, could be a potential target of the hackers. Located in Pune, SSI is backed by Bill & Melinda Gates Foundation and is set to play a key role in mass production of vaccines as and when the Covid remedy is ready for public use.
But, Microsoft has not confirmed if SSI is the Indian research facility targeted by the hackers. The affected parties have however been informed about the hacking attempts.
Why do hackers target Covid researchers?
This is not the first time Covid researches have been targeted by state-sponsored hackers.
In July, the US justice department said that hackers supported by the Chinese government have been targeting their vaccine research. The US government also initiated criminal proceedings against two Chinese men who spied on a Massachusetts biotech firm. They had also hacked a company based in Maryland, a week after it announced that they were conducting research on Covid.
Prior to this, the UK, the US and Canada had accused Russia of seeking to steal Covid-related research material. Previous incidents of state-based hackings have been about espionage, rather than disruption. But there has also been an increasing number of cases of criminal groups using ransomware against hospitals.
There is a lot at stake when it comes to Covid research. The country that first develops the vaccine will have huge financial and political advantages. Any disruption to Covid research in foreign organisations could give more mileage to research in countries that sponsor hacking. The vaccines could be sold to other countries at a very high price, although the World Health Organisation (WHO) is doing its best to curb the monopoly.
In the race to the vaccine, Russia and China had earlier announced that they have developed Covid vaccines. Named Sputnik-V, Russia has rolled out the vaccine for public use in the country, but its success rate is yet to be determined. Similarly, there are doubts over the vaccine developed by China too.
How do they hack Covid research?
Microsoft has said the Russia-sponsored hackers are using a password spraying method to get into the research systems. Russia-backed hackers are nicknamed Fancy Bear. Microsoft’s nickname for them is Strontium.
The hackers, Microsoft said, bombard research servers with millions of passwords in the hope of guessing the correct one. The US Presidential campaigns of Joe Biden and Donald Trump had also been targeted by Strontium recently. They had also used the password spraying method last year to hack into printers and other devices across the world to get access to the networks they are connected to.
Burt said the North Korea-sponsored hackers are called Zinc and Cerium. They are using phishing emails to get in touch with the vaccine researchers. While Zinc disguises themselves as job recruiters, Cerium pretends as officials of WHO to contact the scientists.
How to counter hackers?
Microsoft has called on the world leaders to take legal action against the governments sponsoring Covid research hacking. There are international laws that protect health care research, and any malpractice intended to disrupt it would be dealt under international law.
There have been hacking incidents like NotPetya and WannaCry in the past, which attracted legal proceedings from different countries. But, the extradition laws make it difficult for hackers in Russia, North Korea and China to be prosecuted.
Optimism about a Covid vaccine has grown since pharmaceutical giant Pfizer announced that their vaccine is 90 per cent effective. Following it, biotechnology firm Moderna announced on Monday that their vaccine has also recorded a 95 per cent success rate.
As the world gets closer to a successful vaccine, there needs to be more security for vaccine researchers. Tech giants like Microsoft have launched new features that alert health care and human rights organisations about hacking attempts. Microsoft has said 195 organisations have signed up for the feature to protect 1.7 million emails.