North Korean hackers detected searching for COVID vaccine manufacturing secrets

Science

North Korean hackers have been detected attempting to steal information from a multinational life sciences company involved in manufacturing coronavirus vaccines.

It comes despite the regime claiming there are no COVID-19 cases in North Korea, crediting its own strict travel restrictions, and even declining three million vaccine doses offered by UNICEF.

Incident responders uncovered the espionage campaign, which has been detailed in a presentation at the Black Hat conference by Rafe Pilling, a senior security researcher at Secureworks.

Pfizer/BioNTech's new pediatric COVID-19 vaccine
Image:
A member of parliament in South Korea claimed Pfizer was hacked by North Korea

The life sciences company, a client of Secureworks which has not been named, was compromised through a supply-chain attack similar to the SolarWinds hack which was attributed to Russian intelligence.

Mr Pilling told Sky News that the network effect of supply-chain attacks was being noticed by several threat actors, from state-sponsored spies through to financially motivated criminal groups.

“We’ve seen ransomware operators, for example, hit managed service providers in the US or some sort of central hub organisation, and being able to then sort of easily slide into dozens of other companies as a result,” he explained.

“So when a threat actor realises the network effect that can be gained from a supply chain attack, they will leverage it and I think more are doing so.”

More on Covid-19

Earlier this year, South Korea’s National Intelligence Service (NIS) distanced itself from a claim by a member of parliament that Pfizer had been hacked by North Korea.

The NIS bluntly stated the MP was “wrong”, although at the time of his announcement, the South Korean MP, Ha Tae-keung, stood by his assertion without commenting on whether the theft was successful.

Secureworks found evidence that the hackers were able to access the unnamed client’s network through a managed service provider (MSP), although they were caught before managing to steal any data other than network logs.

Attacks on MSPs to reach one of their clients is not unique to North Korea, and the UK and allies have accused hackers operating on behalf of the Chinese Ministry of State Security of using this tactic to steal intellectual property.

Please use Chrome browser for a more accessible video player


North Korea celebrates in PPE

North Korea has often been accused of sponsoring hackers to fill its cash-strapped coffers, amid international sanctions that ban most trade with the country.

While the targeting of the life sciences company does not appear to have a financial motive, it remains unclear how the North Koreans would manage to turn data about vaccine manufacturing into a physical vaccine, explained Mr Pilling.

Speaking to Sky News, he said: “I do wonder how easy it is to translate some of these intellectual property thefts in the science and technology area into the actual product itself.”

In February, the US charged three North Korean men with stealing and extorting more than $1.3bn (£940m) from financial institutions and cryptocurrency exchanges around the world.

At the time, the US assistant attorney general John Demers said: “Simply put, the regime has become a criminal syndicate with a flag, which harnesses its state resources to steal hundreds of millions of dollars.”

Products You May Like