Reuters today is running a story saying “suspected” North Korean hackers have targeted employees at British drugmaker AstraZeneca in an attempt to infect their computers with malware. The company is one of the leading groups developing a promising COVID-19 vaccine.
Two people with knowledge of the matter who asked to remain anonymous said the hackers posed as recruiters on LinkedIn and WhatsApp and approached AstraZeneca staff with fake job offers. The documents purporting to be job descriptions were laced with “malicious code designed to gain access to a victim’s computer,” according to the report.
Though they were not successful, the attacks targeted a broad set of employees, including those working on COVID-19 research. The North Korean mission to the United Nations in Geneva reportedly declined to comment on the allegations.
The sources told Reuters “the tools and techniques used in the attacks showed they were part of an ongoing hacking campaign that U.S. officials and cybersecurity researchers have attributed to North Korea.”
The attack bears similarities to recent hacking campaigns against defense companies and media organizations, investigators said.
Microsoft issued an advisory this month warning that two North Korean hacking groups were targeting COVID vaccine developers in several countries. Their modus operandi, Microsoft said, was “sending messages with fabricated job descriptions.”
North Korea has been blamed for some of the most prominent cyber incidents, including the 2014 attack on Sony Pictures, launched in retaliation for the blockbuster movie “The Interview,” the global WannaCry ransomware pandemic in 2017, and many others.
Earlier this year, the US Departments of State, Treasury and Homeland Security, as well as the FBI, released a report offering guidance on the emerging North Korean cyber threat, highlighting the malicious activities of state-funded hacking groups.
The US government at the time offered a $5 million reward “for information leading to the identification of any individual who, at the direction of or under control of the North Korean government, aids or abets a violation of the Computer Fraud and Abuse Act.”