Microsoft says that it has detected three state-sponsored hacking campaigns (also known as APTs) against at least seven well-known companies involved in COVID-19 research and treatments. Microsoft attributes the attacks to a group in Russia and two groups in North Korea.
The Russian group, called Strontium (also known as Fancy Bear or APT28), employs password spraying and brute-force attacks to obtain login credentials, breach victims' accounts, and steal sensitive data. The first North Korean group, called Zinc (or Lazarus Group), relies mainly on spear-phishing email campaigns, posing as recruiters and sending messages with fabricated job descriptions to workers at the targeted companies.
The second North Korean group, called Cerium, is a new group. Microsoft says that Cerium carried out spear-phishing using email lures on topics connected to COVID-19 while posing as World Health Organization representatives.
According to Microsoft, the companies are located in Canada, France, India, South Korea, and the US.