North Korean hackers attempted to infiltrate pharmaceutical giants, including AstraZeneca, to disrupt COVID-19 research. This hack is the latest state-sponsored move in the global data and intellectual property war. 

The attack was thwarted thanks to South Korea’s intelligence services. A member of South Korea’s national assembly, Ha Tae-keung, said that attempts by the North to target a list of undisclosed drug companies, were ultimately unsuccessful. His statements follow Microsoft’s report on previous Russian North Korean cyber attacks on research networks in the US, Europe and the UK.

Microsoft believes that these attacks were endorsed by governments in Russia and North Korea. The regime-supported attacks were aimed at specific research locations in India, South Korea, Canada, the US and France. Like South Korea’s national assembly report, Microsoft declined to name who the North Korean hacks targeted.

Adam Meyers, the Senior Vice President of IT specialist group CrowdStrike, has said that like threats from North Korea have reoccured frequently in the past 20 years.  Meyers states that recent activity from North Korea, Russia and China has been ‘focused on just one topic’.

‘What you are seeing here is the latest stage in a long-running intellectual property war, but one where there is much more at stake to those involved. This has become a matter of national pride – who can develop vaccines first.’ 

What did the Hackers Attempt to Do?

According to Microsoft’s report, the North Korean hackers tried to steal login details of individuals associated with Big Pharma firms. The hacks were disguised as job offer emails, that were embedded with malicious code. AstraZeneca staff members were offered new career opportunities via WhatsApp, LinkedIn and online. Additionally, other messages were sent that were also coded with malware. The messages containing the additional line of malware could have provided the hackers access to employee devices. 

Although unconfirmed by government bodies, the Wall Street Journal and the BBC report that Johnson & Johnson, Novavax and AstraZeneca were targeted. Previously, international cyber security agencies believed that the attacks were designed to steal vaccine designs and intellectual property from pharmaceutical companies. Since, it is now accepted that these state-sponsored attacks intended to disrupt vaccine rollout and implementation in various countries. As the world prepares to distribute COVID-19 vaccines, like the UK in the next weeks, the attacks have come at a critical time. 

International Response to the Hacks 

South Korea’s intelligence services briefed its allies at the beginning of the attacks. UK’s National Cyber Force (NCF) has stated that it will work closely to protect ‘our most critical assets’. The NCF will not be operating on a front-facing basis in the course of preventing further attacks. Instead, the agency will work with pharmaceutical companies to bolster their cyber security initiatives. Other intelligence agencies in the US and Europe are set to partner with drug companies to ascertain the number of fielded ‘everyday hacking attempts’. 

North Korea’s Response to the Hacks

North Korea has claimed that these allegations were another example of Western media besmirching its image. They have stated that reports on the hack were propaganda designed to smear the country’s political regime. However, these COVID-19 hacking accusations are not the first directed at North Korea.

Prior to this instance, Western governments have accused North Korea of sponsoring cyber warfare against them. North Korea has attempted to extract critical vaccine research from countries that have made significant headway in their COVID response. Hacking groups attempted these manoeuvres in order to sell the information for financial gain. 

Russia and China’s Involvement

Similarly, countries like Iran, China and Russia have also been accused of similar cyber activity. In particular, Russia has been directly involved in the recent hacks. AstraZeneca have reported that the emails sent to their employees were generated through Russian email addresses. Additionally, ‘password spraying’, a tactic used by Russian actors to guess simple passwords, was used in this series of attacks. 

Hackers from China used alternative methods. They leveraged connections in LinkedIn, and posed as Anglicised women to target older male officials in the pharmaceutical industry. The hackers disguised their profiles to mimic known recruiters, and initiated dialogue with targets on the professional network. Using this method, the hackers elicited information to be used in later phishing attacks.