North Korea Accused Of Pfizer Vaccine Hack

Uploaded on 2021-03-03 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-North Korea, FREE TO VIEW, BUSINESS-Services-Health & Welfare

South Korean intelligence officials have said that a recent attack on pharmaceutical company Pfizer, targeting information on coronavirus vaccines, was executed by North Korea in an attempt to steal Covid vaccine data. 

The intelligence service briefed lawmakers during a closed-door session. “There were attempts to steal Covid vaccine and treatment technology during cyber attacks and Pfizer was hacked,” said a South Korean National Assembly member, speaking to Reuters.

North Korea has reported no cases of Covid-19, although its borders remain closed in a national quarantine effort and, given the nature of the North Korean regime, it is highly improbable that Covid-19 is not present there. If South Korea’s intelligence is accurate, the attack on Pfizer is the latest in a number of attacks by N.Korea against organisations involved in the research and development of Covid-19 vaccines.  

If South Korea’s intelligence is accurate, the attack on Pfizer is the latest in a number of attacks by North Korea against organisations involved in the research and development of Covid-19 vaccines. 

The attacks, which took place several months ago, appear to involve the use of spoofed logon pages for various online portals, which trick staffers at the target organisations into handing over their passwords.  “Nation state hacking is nothing new, and is something North Korea has a history of. In the past few years alone, North Korea has been held responsible for a number of cyber attacks causing disruption and financial losses on an unprecedented scale. ...No other country in recent history has resorted to printing fake US dollars. No other country deploys ransomware to blackmail bitcoins from their victims. No other country hacks international banking networks in order to steal money. In that line of thinking, it wouldn’t be surprising for them to try to hack vaccine data either.” commented F-Secure chief research officer Mikko Hypponen

This isn't the first time North Korea has been accused of hacking systems around the world to obtain vaccine data. In November 2020 Microsoft said, "two actors originating from North Korea that we call Zinc and Cerium" that it alleged were "targeting seven prominent companies directly involved in researching vaccines and treatments for COVID-19." Many security observers believe that the motivation might be to sell vaccine data on the black market as well as to in develop its own vaccine. 

Digital espionage targeting health bodies, vaccine scientists and drug makers has surged during the COVID-19 pandemic as state-backed hacking groups scramble to secure the latest research and information about the outbreak.

Last year suspected North Korean hackers tried to break into at least nine health organisations, including Johnson & Johnson, Novavax Inc, and AstraZeneca. South Korea's intelligence agency said it had foiled North Korean attempts to hack into South Korean companies developing coronavirus vaccines. The attack, similar to the attacks believed to be of Russian origin late last year, are also believed to be by state-backed actors.

Recently the US Department of Justice (DoJ) has charged three North Korean computer programmers with hacking offences related to a number of high profile data breaches, including a high profile attack on Sony Pictures in 2014. The men have been accused of attempting to steal more than $1.3 billion in money and crypto currency from a number of businesses around the world.

Reuters:   ITPro:   Healthcare IT News:   Telegraph:      Al Jazeera:   BBC:   Computer Weekly:     Image: Unsplash

You Might Also Read: 

Successful Hack On EU Vaccine Agency:

 

« Properly Securing Your Cloud System
Connected Cars & Cyber Security »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Feitian Technologies

Feitian Technologies

Feitian Technologies provides authentication and transaction security products for financial institutions, telecoms, government and leading business enterprises.

Secure360

Secure360

Secure360 focuses on the following key areas: governance, risk and compliance, information security, physical security, business continuity management, and professional development.

Cleafy

Cleafy

Cleafy are a team of fraud hunters, cybersecurity experts, data scientists, and software engineers. Our purpose is to make people’s life easier and free from the threats in the digital ecosystem.

Ezenta

Ezenta

Ezenta is a Danish IT security consulting firm.

Cyber Security Challenge UK

Cyber Security Challenge UK

Cyber Security Challenge UK is a series of national competitions, learning programmes, and networking initiatives designed to identify, inspire and enable more people to become cybersec professionals.

SMESEC

SMESEC

SMESEC is a lightweight Cybersecurity framework for protecting small and medium-sized enterprises (SME) against Cyber threats.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LSoft Technologies

LSoft Technologies

LSoft Technologies is a leader in data recovery software technologies.

Neudomains

Neudomains

Neudomains is a Corporate Domain Name Management and Brand Protection Online Specialist. One of the world's top providers of online brand protection and enforcement.

Cypress Data Defense

Cypress Data Defense

Cypress Data Defense helps clients build secure applications by providing training, best practices, and evaluating security during every stage of the Secure Application Development Lifecycle.

Ethyca

Ethyca

Ethyca builds automated data privacy infrastructure and tools for developers and privacy teams to easily build products that comply with GDPR, CCPA Privacy Regulations.

Zephyr Project

Zephyr Project

The Zephyr Project strives to deliver the best-in-class RTOS for connected resource-constrained devices, built to be secure and safe.

Fenix24

Fenix24

Fenix24 is an industry leader in the incident-response space. We ensure the fastest response, leading to the full restoration of critical infrastructure, data, and systems.

GoPlus Security

GoPlus Security

GoPlus is working as the "security infrastructure" for web3, by providing open, permissionless, user-driven Security Services.

NETAND

NETAND

NETAND privileged access and identity management solutions will secure your business from cyber threats.

Thunder Shield Security

Thunder Shield Security

Thunder Shield is a professional cyber security service provider of penetration test, source code review and security assessment services.