North Korea Accused Of Pfizer Vaccine Hack

Uploaded on 2021-03-03 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-North Korea, FREE TO VIEW, BUSINESS-Services-Health & Welfare

South Korean intelligence officials have said that a recent attack on pharmaceutical company Pfizer, targeting information on coronavirus vaccines, was executed by North Korea in an attempt to steal Covid vaccine data. 

The intelligence service briefed lawmakers during a closed-door session. “There were attempts to steal Covid vaccine and treatment technology during cyber attacks and Pfizer was hacked,” said a South Korean National Assembly member, speaking to Reuters.

North Korea has reported no cases of Covid-19, although its borders remain closed in a national quarantine effort and, given the nature of the North Korean regime, it is highly improbable that Covid-19 is not present there. If South Korea’s intelligence is accurate, the attack on Pfizer is the latest in a number of attacks by N.Korea against organisations involved in the research and development of Covid-19 vaccines.  

If South Korea’s intelligence is accurate, the attack on Pfizer is the latest in a number of attacks by North Korea against organisations involved in the research and development of Covid-19 vaccines. 

The attacks, which took place several months ago, appear to involve the use of spoofed logon pages for various online portals, which trick staffers at the target organisations into handing over their passwords.  “Nation state hacking is nothing new, and is something North Korea has a history of. In the past few years alone, North Korea has been held responsible for a number of cyber attacks causing disruption and financial losses on an unprecedented scale. ...No other country in recent history has resorted to printing fake US dollars. No other country deploys ransomware to blackmail bitcoins from their victims. No other country hacks international banking networks in order to steal money. In that line of thinking, it wouldn’t be surprising for them to try to hack vaccine data either.” commented F-Secure chief research officer Mikko Hypponen

This isn't the first time North Korea has been accused of hacking systems around the world to obtain vaccine data. In November 2020 Microsoft said, "two actors originating from North Korea that we call Zinc and Cerium" that it alleged were "targeting seven prominent companies directly involved in researching vaccines and treatments for COVID-19." Many security observers believe that the motivation might be to sell vaccine data on the black market as well as to in develop its own vaccine. 

Digital espionage targeting health bodies, vaccine scientists and drug makers has surged during the COVID-19 pandemic as state-backed hacking groups scramble to secure the latest research and information about the outbreak.

Last year suspected North Korean hackers tried to break into at least nine health organisations, including Johnson & Johnson, Novavax Inc, and AstraZeneca. South Korea's intelligence agency said it had foiled North Korean attempts to hack into South Korean companies developing coronavirus vaccines. The attack, similar to the attacks believed to be of Russian origin late last year, are also believed to be by state-backed actors.

Recently the US Department of Justice (DoJ) has charged three North Korean computer programmers with hacking offences related to a number of high profile data breaches, including a high profile attack on Sony Pictures in 2014. The men have been accused of attempting to steal more than $1.3 billion in money and crypto currency from a number of businesses around the world.

Reuters:   ITPro:   Healthcare IT News:   Telegraph:      Al Jazeera:   BBC:   Computer Weekly:     Image: Unsplash

You Might Also Read: 

Successful Hack On EU Vaccine Agency:

 

« Properly Securing Your Cloud System
Connected Cars & Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perspective Risk

Perspective Risk

Perspective Risk provides penetration testing, security assessments, risk management & compliance solutions, InfoSec training and consultancy services.

Sopra Steria

Sopra Steria

Sopra Steria is a leading European information technology consultancy.

CybSafe

CybSafe

CybSafe is a cloud-based platform focussed on addressing the human component of cyber security - an intelligent approach to awareness training.

sic[!]sec

sic[!]sec

sic[!]sec provide products and services for web application security.

SITA

SITA

SITA is a multinational information technology company providing IT and telecommunication services to the air transport industry including vulnerability assessments and managed security services.

Jobsite

Jobsite

Jobsite is an award winning job board in the UK providing job listings in the key sectors of IT, Engineering and Finance.

Beauceron Security

Beauceron Security

Beauceron's cloud-based platform gives employees a powerful personal cyber-risk coach empowering them to improve their cybersecurity practices and behaviours.

Dasera

Dasera

Dasera’s Radar and Interceptor products deliver visibility, governance, and protection solutions for data-agile companies.

Horizon3.ai

Horizon3.ai

Horizon3.ai is a leader in security assessment and validation enabling continuous security overwatch from an attacker’s perspective through our NodeZero SaaS solution.

Input Output (IOHK)

Input Output (IOHK)

IOHK is one of the world's pre-eminent blockchain infrastructure research and engineering companies.

AMSYS Innovative Solutions

AMSYS Innovative Solutions

AMSYS is a full-service, 24/7/365 IT solutions, Cybersecurity & Managed Service Provider.

AWARE7

AWARE7

IT security for human and machine. With the help of our products and services, we work with you to increase the IT security level of your organization.

Quantum Security Services

Quantum Security Services

Quantum Security Services is a specialist information security firm providing a range of risk, compliance and technical security services.

US Department of State - Bureau of Cyberspace & Digital Policy

US Department of State - Bureau of Cyberspace & Digital Policy

The Bureau of Cyberspace and Digital Policy leads and coordinates the Department’s work on cyberspace and digital diplomacy to encourage responsible state behavior in cyberspace.

Cloudaeris

Cloudaeris

Cloudaeris is a trusted Microsoft Partner, and we've got what it takes to make your business more efficient and agile.

Blue Goat Cyber

Blue Goat Cyber

Blue Goat stands at the forefront of cybersecurity, particularly in medical device security and penetration testing.