The Russian hacker group Strontium conducted a cyber attack on a number of Western companies involved in creating a vaccine and treatment methods for COVID-19, Microsoft said. The attackers’ goal was to break into the personal accounts of company employees. Most of the attacks were blocked by security features built into Microsoft products.
Microsoft has accused the Russian hacker group Strontium, as well as two North Korean groups, Zinc and Cerium, of cyber attacks on seven leading pharmaceutical companies from Canada, France, India, South Korea, and the United States that are developing vaccines and treatments for COVID-19.
The attacked companies’ vaccines are at different stages of clinical trials. A clinical research organization and the company that developed the COVID-19 test were also targeted for malicious hacking. Most of the organizations targeted by hackers have contracts with, or receive direct investment from, government agencies in their countries.
“Two global challenges will help shape people’s memories of this period of history – Covid-19 and the increased use of the Internet by hackers to undermine society. It is worrying that these issues have now merged, as cyber-attacks are being used to disrupt the work of health organizations fighting the pandemic,” the US digital giant said in a statement.
Strontium tried to find passwords to steal credentials and hack the personal accounts of employees.
Zinc mainly used phishing to steal credentials, sending messages with fictitious job descriptions and posing as recruiters. Cerium hackers engaged in targeted phishing, posing as representatives of the World Health Organization.
Most of the attacks were blocked by security features built into Microsoft products, the company explained.
Earlier this month, on the eve of the US presidential election, the US authorities authorized cyberattacks on state institutions in Russia and Iran, NBC reported. This was done in order to neutralize “attempts to interfere” in the electoral process.
The channel noted that this significantly reduced the number of hacker attacks during the US election, so “in cyberspace, in the world of hackers (during the vote. – Newspaper.EN) it was very quiet.” At the same time, NBC did not name the source of the relevant information.
Earlier, the FBI, the US Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) warned Americans about “imminent” hacker attacks by cybercriminals with ties to Russia, the New York Times reported.
The attackers’ main targets are hospitals and medical centers – they hit them with ransomware, locking the institutions’ computer systems.
According to intelligence agencies, hackers use the TrickBot Trojan to infiltrate organizations and then infect networks with the Ryuk malware, which encrypts all files and demands a ransom for unlocking them.
According to the NYT, “Russian hackers” attacking hospitals are based in Moscow and St. Petersburg.
At the same time, they allegedly have a list of 400 medical centers that they plan to hack. So far, they have been able to enter only 30 institutions from the list.
In mid-October, the US Department of Justice filed charges against six Russians – allegedly “GRU officers” – for hacking into the 2018 Pyeongchang Winter Olympics and the 2017 French presidential election.
According to the American side, Russian military intelligence officers took part in a series of operations to hack systems and plant malicious software, attacking the infrastructure of other countries in order to promote Russia’s interests.
In addition, the document accused the Russians of trying to interfere in the affairs of Ukraine and Georgia, as well as of intending to interfere with international efforts to hold Moscow accountable for the use of the Novichok nerve agent.
“A grand jury in Pittsburgh has indicted six computer hackers – officers of the GRU’s 74455 unit,” the ruling said.
The American side said that these computer attacks used some of the most destructive malware in the world, including KillDisk and Industroyer, which caused power outages in Ukraine.
The hackers also used the NotPetya program to attack hospitals and other health facilities in the Heritage Valley Health System in the Western District of Pennsylvania.
In addition, this software attempted to interfere with the work of a subsidiary of FedEx Corporation, TNT Express BV, as well as an unnamed major pharmaceutical manufacturer.
The total loss from these attacks was about $1 billion.
In addition, the attackers used the Olympic Destroyer program, which resulted in the failure of thousands of computers used to support the Winter Olympic Games in Pyeongchang.
The Ministry also published the names of the accused: Yury Andriyenko (32), Sergei Detistov (35), Pavel Frolov (28), A. Kovalev (29), Artem Ochichenko (27), and Peter Pliskin (32).
The agency also points out that Kovalev was previously charged in the District of Columbia with conspiring to gain unauthorized access to the computers of American individuals and businesses involved in the 2016 US presidential election.
All these charges are unsubstantiated, said the chairman of the State Duma Committee on International Affairs, Leonid Slutsky.
“New accusations of cyberattacks aimed at interference are another step to discredit Moscow. Never before have such statements been accompanied by strong evidence – this is all from the category of highly likely,” the parliamentarian explained.
He called all the information contained in the US Justice Department’s ruling “nonsense,” Interfax reports.
“It is no longer possible to comment. It is time for our ‘strategic friends’ to change their repertoire in their desire to denigrate Russia,” the MP concluded.