MSFT Microsoft Corporation

By Robert McMillan 

Cyberattacks originating in Russia and North Korea in recent months have targeted online accounts at seven companies researching Covid-19 drugs and vaccines, according to Microsoft Corp. -- in some cases successfully.

Microsoft declined to name the targets or say what information may have been gleaned, but said the seven are leading pharmaceutical companies and vaccine researchers operating in the U.S., Canada, France, India and South Korea.

"Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials," the company said in a blog post on Friday.

The attacks place an extra burden on drugmakers rushing to develop weapons to fight a virus that has infected close to 53 million people world-wide, including more than 10 million in the U.S., according to data from Johns Hopkins University. More than 1.2 million people have died in the global pandemic.

In addition to the espionage risk, cyberattacks could undermine the integrity of research or even delay clinical trials, said Dapo Akande, a professor of international law at the University of Oxford, who has called for protections in international law against cyberattacks on health-care institutions.

"We need to kind of raise the profile and to raise the quality of the discussion around these issues as to what is off-limits," he said.

The pandemic has exposed computer security as a serious and potentially life-threatening problem. Last month, hospitals across the U.S. were knocked offline by a ransomware attack that forced doctors and nurses to use pen and paper instead of computerized systems and delayed procedures.

The international race to develop a vaccine has evolved into a national-security issue as countries compete to stem the spread of the virus, protect their populations and revive their economies.

Covid cases have surged in recent weeks in the U.S. and Europe. Thursday's new case count in the U.S. set a record for the second day in a row, according to Johns Hopkins data, and exceeded 100,000 for the ninth day running.

On Monday, drugmaker Pfizer Inc. said early trial results showed its coronavirus vaccine was 90% effective in protecting users from Covid-19, and that it was on track to seek regulatory permission to sell the vaccine before December, assuming it proves to be safe. Hours later, U.S. health officials authorized use of the first treatment for nonhospitalized people with earlier-stage Covid-19. Two days later, Russia said preliminary results showed its Sputnik V vaccine was 92% effective against Covid-19.

Hacking activity around Covid-19 kicked off early in the pandemic. In July, Western intelligence agencies warned that Russia was engaged in a persistent and widespread attack on governments, think-tanks and other organizations working on vaccines.

According to Microsoft, the Russian-linked hacking group behind these latest cyberattacks is called Strontium or APT 28, and is different from the one identified by intelligence officials during the summer. APT 28, which the U.S. government says is linked to Russian military intelligence, is connected to series of cyberattacks on U.S. and European targets over the past decade, according to cybersecurity investigators.

APT 28 targeted the drug companies' online accounts by training millions of rapid-fire login attempts at computer systems, hoping to get lucky and guess its way into a victim's account.

Microsoft said that two North Korean hacking groups, posing as the World Health Organization or job recruiters, set out phony "phishing" emails to lure victims into divulging their credentials.

Russia and North Korea have denied engaging in cyber espionage.

Write to Robert McMillan at Robert.Mcmillan@wsj.com

(END) Dow Jones Newswires

November 13, 2020 11:19 ET (16:19 GMT)

Copyright (c) 2020 Dow Jones & Company, Inc.