North Korea Accused Of Pfizer Vaccine Hack

South Korean intelligence officials have said that a recent attack on pharmaceutical company Pfizer, targeting information on coronavirus vaccines, was executed by North Korea in an attempt to steal Covid vaccine data. 

The intelligence service briefed lawmakers during a closed-door session. “There were attempts to steal Covid vaccine and treatment technology during cyber attacks and Pfizer was hacked,” said a South Korean National Assembly member, speaking to Reuters.

North Korea has reported no cases of Covid-19, although its borders remain closed in a national quarantine effort and, given the nature of the North Korean regime, it is highly improbable that Covid-19 is not present there. If South Korea’s intelligence is accurate, the attack on Pfizer is the latest in a number of attacks by N.Korea against organisations involved in the research and development of Covid-19 vaccines.  

If South Korea’s intelligence is accurate, the attack on Pfizer is the latest in a number of attacks by North Korea against organisations involved in the research and development of Covid-19 vaccines. 

The attacks, which took place several months ago, appear to involve the use of spoofed logon pages for various online portals, which trick staffers at the target organisations into handing over their passwords.  “Nation state hacking is nothing new, and is something North Korea has a history of. In the past few years alone, North Korea has been held responsible for a number of cyber attacks causing disruption and financial losses on an unprecedented scale. ...No other country in recent history has resorted to printing fake US dollars. No other country deploys ransomware to blackmail bitcoins from their victims. No other country hacks international banking networks in order to steal money. In that line of thinking, it wouldn’t be surprising for them to try to hack vaccine data either.” commented F-Secure chief research officer Mikko Hypponen

This isn't the first time North Korea has been accused of hacking systems around the world to obtain vaccine data. In November 2020 Microsoft said, "two actors originating from North Korea that we call Zinc and Cerium" that it alleged were "targeting seven prominent companies directly involved in researching vaccines and treatments for COVID-19." Many security observers believe that the motivation might be to sell vaccine data on the black market as well as to in develop its own vaccine. 

Digital espionage targeting health bodies, vaccine scientists and drug makers has surged during the COVID-19 pandemic as state-backed hacking groups scramble to secure the latest research and information about the outbreak.

Last year suspected North Korean hackers tried to break into at least nine health organisations, including Johnson & Johnson, Novavax Inc, and AstraZeneca. South Korea's intelligence agency said it had foiled North Korean attempts to hack into South Korean companies developing coronavirus vaccines. The attack, similar to the attacks believed to be of Russian origin late last year, are also believed to be by state-backed actors.

Recently the US Department of Justice (DoJ) has charged three North Korean computer programmers with hacking offences related to a number of high profile data breaches, including a high profile attack on Sony Pictures in 2014. The men have been accused of attempting to steal more than $1.3 billion in money and crypto currency from a number of businesses around the world.

Reuters:   ITPro:   Healthcare IT News:   Telegraph:      Al Jazeera:   BBC:   Computer Weekly:     Image: Unsplash

You Might Also Read: 

Successful Hack On EU Vaccine Agency:

 

« Properly Securing Your Cloud System
Connected Cars & Cyber Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSR Privacy Solutions

CSR Privacy Solutions

CSR Privacy Solutions is a leading provider of privacy regulatory compliance programs for small and medium sized businesses.

BMC Software

BMC Software

BMC provide solutions for IT service management, Cloud management, IT workload automation, IT operations, and mainframe system management.

L7 Defense

L7 Defense

L7 Defense helps organizations to protect their infrastructure, applications, customers, employees, and partners against the growing risk of API-borne attacks.

Celare

Celare

Celare delivers DPI based network perimeter monitoring solutions with integrated Big Data security analytics and threat detection.

Hitachi Systems Security

Hitachi Systems Security

Hitachi Systems Security provides customized services for monitoring and protecting the most critical and sensitive IT assets in our clients’ infrastructures 24/7.

Awen Collective

Awen Collective

Awen Collective develops software-based tools for performing Digital Forensics, Incident Response and Cyber-Crime Investigation.

Block Armour

Block Armour

Block Armour is a Mumbai and Singapore based venture focused on harnessing emerging technologies to counter growing Cybersecurity challenges in bold new ways.

VerSprite

VerSprite

VerSprite is a specialist information security consulting firm. We provide organizations with detection across all their attack surfaces and deliver critical insight into all possible attack methods.

SoSafe

SoSafe

Modern awareness training that works. With memorable content on all areas of IT security, with measurable learning success and full data protection compliance.

Tech-Recycle

Tech-Recycle

Tech-Recycle was formed to help companies and individuals securely, ethically and easily recycle their IT and office equipment. We destroy all data passed to us safely and securely.

CYRail

CYRail

CYRail project will analyse threats targeting Railway infrastructures and develop innovative attack detection and alerting techniques.

CryptoCurrency Certification Consortium (C4)

CryptoCurrency Certification Consortium (C4)

The CryptoCurrency Certification Consortium is a non-profit organization that provides certifications to professionals who perform cryptocurrency-related services.

McIntyre Associates

McIntyre Associates

McIntyre Associates is an Executive Search boutique specialized in recruiting for the Cybersecurity industry. Our clients range from Venture Capital backed startups to Fortune 100 companies.

TAG Cyber

TAG Cyber

TAG Cyber's mission is to provide world-class cyber security research, advisory, and consulting services to enterprise security teams around the world.

Grayshift

Grayshift

Grayshift is the leading provider of mobile device digital forensics, specializing in lawful access and extraction.

HORNE Cyber

HORNE Cyber

HORNE Cyber's offense-oriented approach to cybersecurity uncovers hidden cyber risk and significantly reduces exposure to security threats.

Apollo Information Systems

Apollo Information Systems

Apollo is a value-added reseller that provides our clients with the complete set of cybersecurity and networking services and solutions.