North Korean hackers tried to trick COVID-19 vaccine makers by posing as WHO officials

North Korean hackers tried to trick COVID-19 vaccine makers by posing as WHO officials
Supreme Leader of North Korea Kim Jong Un.Getty
  • North Korean and Russian state-backed hacking groups have tried to target COVID-19 vaccine-makers, Microsoft said in a blog post on Friday.
  • One of the North Korean groups, known as Cerium, tried to gain access to systems by sending "spear-phishing" emails posing as WHO officials.
  • A second North Korean group, pretending to be recruiters, sent emails containing phoney job descriptions.

State-backed hackers are trying audacious tactics to break into the systems of COVID-19 vaccine-makers.

In a blog post Friday, Microsoft detailed several attempted cyberattacks it had detected in recent months that targeted companies working on COVID-19 vaccines and treatments. Microsoft said three state-hacking groups, one Russian and two from North Korea, conducted the attacks.

Although it did not name the targets, Microsoft said they included seven "prominent" companies involved in researching COVID-19 vaccine and treatment development across the US, Canada, France, India, and South Korea.

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

One of the North Korean groups, known as Cerium, tried to gain access by posing as World Health Organization officials.

"Cerium engaged in spear-phishing email lures using COVID-19 themes while masquerading as World Health Organization representatives," Microsoft said.


Spear-phishing is a type of email scam where attackers pose as someone their target trusts to try to glean confidential information.

The other North Korean hacking group, known as Zinc, also used spear-phishing, although it chose a significantly less high-profile disguise. According to Microsoft, its hackers posed as recruiters, and sent emails with fake job descriptions.

The Russian group, named Strontium, used a brute-force technical approach known as "password spray."

"These are attacks that aim to break into people's accounts using thousands or millions of rapid attempts," Microsoft said in its blog post.

It is not clear from Microsoft's post exactly whether the hackers were looking to steal information from the companies, sabotage them, or had other motivations.


Over the course of the pandemic, developing a vaccine has become something of a new space race. Russian President Vladimir Putin said in August that the country had approved the world's first coronavirus vaccine named Sputnik V — although health experts raised serious concerns over its efficacy and safety.

Earlier in November, two days after US company Pfizer announced it had developed its vaccine that it said was 90% effective at protecting people against COVID-19, the Russian Direct Investment Fund (RDIF) put out a statement claiming that Sputnik V was 92% effective.