Suspected North Korean hackers recently tried to break into the systems of at least nine health organisations, including six pharmaceutical companies developing Covid-19 treatments in the US, the UK and South Korea, according to multiple reports published Wednesday.
The firms targeted have been identified as US’ Johnson & Johnson and Novavax Inc, both working on experimental vaccines. The attacker also tried to infiltrate UK-based AstraZeneca, whose Covid vaccine co-developed with the University of Oxford, has been shown to be as much as 90% effective.
The list also includes three South Korean companies with Covid-19 drugs in earlier clinical trials, Genexine Inc, Boryung Pharma Co Ltd, Shin Poong Pharm Co Ltd and Celltrion Inc. Covid-19 Vaccine Latest Update
Those targeted included the Beth Israel Deaconess Medical Center in Boston and the University of Tuebingen in Germany.
It wasn’t known whether the hackers succeeded in swiping useful information.
Attackers identified as “Kimusky”
A review of publicly-available Internet records by Reuters showed that web domains and servers used by the attackers have previously been identified by the U.S. government and security researchers as part of a North Korean hacking campaign.
Those investigating the attacks told Reuters, the hacking attempts began in September, using web domains mimicking online login portals to try and trick staff at the targeted organisations into revealing their passwords.
The suspected attackers have been identified as “Kimusky,” a group of North Korean-linked hackers infamous in cybersecurity circles for years of attempts to swipe national security intelligence from the U.S., South Korea and Japan, the Wall Street Journal reported.
Simon Choi, an expert at South Korean cybersecurity group IssueMakersLab, attributed the hacking attempts to North Korea and said it was clear the attackers were specifically hunting for information about COVID-19.
In the case of South Korea’s Celltrion, for example, he told Reuters the spies tried to break into an email account set up to field queries about Remsima, a monoclonal antibody which is being studied as a treatment for severe cases of the disease.
The spokesmen of Shin Poong and Celltrion said the hacking attacks were made but they hadn’t detected any damage. The Shin Poong spokesman told WSJ the attacks were carried out over email. The Celltrion spokesman said the hacking attacks had accelerated sometime in the second half of 2020.
Johnson & Johnson remains vigilant against threats to its data, a spokesman said. A Novavax spokeswoman said the company is aware of the foreign threats and is working with “appropriate government agencies and commercial cybersecurity experts.” Genexine is looking into the matter but hasn’t found evidence of any hacking attempt, Wall Street Journal reported.
AstraZeneca declined to comment to both Reuters and the Wall Street Journal on the reported hacking attempts.
Similar attacks in the past
Reuters had earlier reported similar attempts by North Korean hackers to break into the systems of British drugmaker AstraZeneca in recent weeks, as the company races to deploy its vaccine for the Covid-19 virus.
The hackers posed as recruiters on networking site LinkedIn and WhatsApp to approach AstraZeneca staff with fake job offers, the sources said. They then sent documents purporting to be job descriptions that were laced with malicious code designed to gain access to a victim’s computer.
The hacking attempts targeted a “broad set of people” including staff working on Covid-19 research, said one of the sources, but are not thought to have been successful.
North Korea’s mission to the United Nations in New York did not immediately respond to a request by Reuters for comment.
North Korea has continued to say that it has not had a single COVID-19 case, a claim disputed by several outside experts.
Hackers linked to Iran, Vietnam, South Korea, China and Russia have on separate occasions been accused of trying to steal information about the virus and its potential treatments.
Western officials say any stolen information could give foreign governments a valuable strategic advantage as they fight to contain a disease.