North Korean Hackers Trying to Steal COVID-19 Vaccine Research
2020-12-23 23:24

Threat actors such as the notorious Lazarus group are continuing to target ongoing COVID-19 vaccine research, stealing sensitive information to speed up their countries' vaccine-development efforts.

Cybersecurity firm Kaspersky detailed two incidents, at a pharmaceutical company and a government ministry, in September and October. The incidents leveraged different tools and techniques but exhibited similarities in the post-exploitation process, leading the researchers to connect the two attacks to the North Korean government-linked hackers.

Notably, the incident at the pharmaceutical company - which is involved in developing and distributing a COVID-19 vaccine - saw the Lazarus group deploying the "BookCodes" malware, recently used in a supply-chain attack on the South Korean software company WIZVERA to install remote administration tools on target systems.

In a separate campaign aimed at the health ministry, the hackers compromised two Windows servers to install malware known as "wAgent," and then used it to retrieve other malicious payloads from an attacker-controlled server.

Irrespective of the two malware clusters employed in the attacks, Kaspersky said the wAgent malware used in October shared the same infection scheme as the malware that the Lazarus group used previously in attacks on cryptocurrency businesses, citing overlaps in the malware naming scheme and debugging messages, and the use of a Security Support Provider as a persistence mechanism.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/B8Tg68yvkZc/north-korean-hackers-trying-to-steal.html