Russian, North Korean hacker groups targeted COVID-19 research companies in India, elsewhere: Microsoft


State-backed actors from Russia and North Korea have launched cyber attacks against at least seven companies researching COVID-19 vaccines and treatments in India, USA, Canada, France and South Korea, Microsoft announced on November 13. Of these companies, one is a clinical research organisation involved in trials while another has developed a COVID-19 test. A number of targets have government contracts or investments for COVID-19 related work, Microsoft said.

We have reached out to Microsoft to know which Indian companies were targeted.

Who is behind the attack? Three nation-state actors — one from Russia (Strontium, also known as Fancy Bear, APT 28, Pawn Storm) and two from North Korea (Zinc, also known as Lazarus and Hidden Group; and Cerium).

The modus operandi: As per Microsoft, the three advanced persistent threat (APT) groups used different ways to target companies:

  • Strontium used password spray (using common passwords to break into multiple accounts) and brute force (trying multiple passwords on one account) login attempts to steal login credentials.
  • Zinc used spearphishing tactics (luring people with specially crafted emails and messages) to steal credentials. They masqueraded as recruiters and sent fabricated job descriptions.
  • Cerium used COVID-19 related themes in its spearphishing emails and donned the guise of the World Health Organisation (WHO).
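The two login-attack patterns attributed to Strontium leave different shapes in failed-login records, which is why per-account lockout counters tend to miss a spray. The following is an added detection sketch, not code from Microsoft or this article; the event format, thresholds and function name are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed failed-login events: (epoch_seconds, source_ip, username).
# Addresses come from documentation ranges; nothing here is from the article.
SAMPLE_EVENTS = (
    [(1000 + 30 * i, "203.0.113.7", f"user{i:02d}") for i in range(12)]  # 1 try on each of 12 accounts
    + [(1000 + 2 * i, "198.51.100.9", "admin") for i in range(25)]       # 25 tries on one account
    + [(1100, "192.0.2.44", "alice"), (1160, "192.0.2.44", "alice")]     # ordinary mistyped password
)


def classify_sources(events, window=3600, spray_accounts=10,
                     spray_max_per_account=3, brute_attempts=20):
    """Label each source IP by the shape of its failed logins in one window.

    All thresholds are illustrative assumptions and need tuning per environment.
    """
    if not events:
        return {}
    start = min(ts for ts, _, _ in events)
    # source_ip -> username -> number of failed attempts inside the window
    per_source = defaultdict(lambda: defaultdict(int))
    for ts, ip, user in events:
        if ts - start < window:
            per_source[ip][user] += 1

    verdicts = {}
    for ip, accounts in per_source.items():
        most_tried = max(accounts.values())
        if len(accounts) >= spray_accounts and most_tried <= spray_max_per_account:
            # Many accounts, few guesses each: stays under per-account lockout.
            verdicts[ip] = "password_spray"
        elif most_tried >= brute_attempts:
            # Many guesses against a single account.
            verdicts[ip] = "brute_force"
        else:
            verdicts[ip] = "benign"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in sorted(classify_sources(SAMPLE_EVENTS).items()):
        print(ip, verdict)
```

Grouping by source address alone will not catch a spray spread across many addresses, so the same counting is worth repeating per password-attempt time slice or per tenant.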

Dr Reddy, Lupin targeted by cyber attackers in the past

  • On October 22, Dr Reddy’s Laboratories disclosed that it was a victim of a cyber attack which it later revealed to be a ransomware attack. The disclosure came five days after the pharmaceutical company had announced that it, along with Russia’s sovereign wealth fund, the Russian Direct Investment Fund (RDIF), had received approval from the Drugs Controller General of India (DCGI) to conduct a phase 2/3 human clinical trial for the Sputnik V vaccine in India. As part of a September 2020 partnership, RDIF will supply 100 million doses of the vaccine to Dr Reddy upon regulatory approval in India.
  • A fortnight after the Dr Reddy incident, Mumbai-based pharma company Lupin Limited also confirmed an “information security incident” that had affected its IT systems. In August, the company had launched a drug, called Favipiravir, to treat patients with mild to moderate COVID-19 symptoms in India.

It’s not just Indian companies that have been targeted. Hackers linked to the Chinese government also targeted American biotech company Moderna Inc., which has been working on developing a COVID-19 vaccine. As per Reuters, China has rejected this accusation. In July 2020, the US Department of Justice charged two Chinese hackers who, among other things, targeted companies developing COVID-19 vaccines, tests and treatments.

Lazarus Group sounds familiar

Lazarus Group from North Korea has been suspected to be behind a number of cyber attacks in India.

  • In June 2020, the Indian Computer Emergency Response Team (CERT-In) had warned about a large-scale phishing campaign against Indian citizens and businesses under the pretext of dispensing government funds for COVID-19 related initiatives. CERT-In’s resources suggested that Lazarus was behind the attack.
  • As per a Kaspersky report from September 2019, Lazarus had created a spyware called Dtrack that Kaspersky had discovered in Indian ATMs in 2018 and was used to steal customer data.
  • The malware that infected Kudankulam Nuclear Power Plant’s external network in September 2019 had similar strains to Dtrack. Dtrack also had similarities with another campaign — DarkSeoul — in 2013 that targeted three television stations and a bank in South Korea along with ATMs and mobile payments in the country.

Written By

Send me tips at aditi@medianama.com. Email for Signal/WhatsApp.

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
