APT Groups Target Firms Working on COVID-19 Vaccines

The software giant says the attacks in recent months on six large pharmaceutical companies and one clinical research firm - which it did not identify - were blocked. The attacks were waged by Strontium, a threat actor in Russia, and two hacker groups in North Korea - Zinc and Cerium, the company says.

Strontium is also referred to by security researchers as FancyBear and APT28. Zinc is better known as The Lazarus Group. Cerium appears to be a new group.

"Strontium continues to use password spray and brute force login attempts to steal login credentials. These are attacks that aim to break into people's accounts using thousands or millions of rapid attempts," according to a blog post by Tom Burt, Microsoft's corporate vice president of customer security and trust.

"Zinc has primarily used spear-phishing lures for credential theft, sending messages with fabricated job descriptions pretending to be recruiters," the blog notes. "Cerium engaged in spear-phishing email lures using COVID-19 themes while masquerading as World Health Organization representatives."