“Two global issues will help shape people’s memory of this moment in history: Covid-19 and the increased use of the Internet by evil actors to disrupt society.” Thus begins a statement from Microsoft in which it accuses Russia and North Korea of being behind the attacks. “Targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the United States,” said the statement from Bill Gates’ firm. “The attacks came from Strontium, an actor originally from Russia, and two actors from North Korea we call Zinc and Cerium.”
In total, the attacks reportedly affected seven laboratories. Microsoft managed to block most of them but acknowledged that some were successful, without naming the firms that were affected. “We believe that these attacks are inconceivable and should be condemned by all civilized society,” said Tom Burt, Microsoft’s head of security.
To better understand the current landscape and how this may affect the development of the vaccine, we spoke with José Rosell, a partner at the specialized cybersecurity firm S2 Grupo. “I don’t know what to call this, whether cybercrime or an episode of cyberwarfare,” Rosell explains in a telephone conversation, “but in these episodes, one of the big problems is attribution. We can attribute it to a certain IP, to an internet address, for example in China, but does this mean that it originated in that country? No, it means that the IP is in China. I can buy a server in Russia and launch an attack from there while in Madrid or Valencia, which makes it very difficult to attribute an incident to a specific state or group.”
According to Microsoft, the Russian attacker was Strontium, known for its disinformation and hacking operations in the run-up to the 2016 presidential elections. The other two groups are said to be backed by the North Korean regime; one of them, which Microsoft calls Zinc, is better known as the Lazarus Group and would have been responsible for the Sony hack in 2016 and the WannaCry ransomware attack in 2017. How do you know this?
“Experts analyze viruses with reverse engineering,” says José Rosell. “And we evaluate how they are designed. If we see characters in Cyrillic we could say that it is Russian; if we see Chinese characters, its origin would be China. Is this safe? No, because those who develop it already know this, and if they want to go unnoticed and pretend that they are Chinese viruses, they put Chinese characters on them, buy a server there with bitcoins and it’s done. This makes the prosecution of crime on the internet very complicated. We can have an idea, but not the certainty. The attribution is very complicated and the prosecution of the crime even more so.”
When determining the origin of an attack, another factor that experts like Rosell analyze is the target of the cybercriminals. The targets that organized criminal groups go after are not the same as those pursued by state-sponsored hackers.
“In general, mafia groups or criminal organizations focus on issues of extortion or data theft,” added Rosell. By contrast, this type of attack, like the one Microsoft denounces, is more in line with the targets of cybercriminals linked to certain governments. To this we must add that the engineering required to create some viruses requires a lot of money and resources. We are often amazed at the level reached in certain malware, which is increasingly complex and shows a very high knowledge of what its authors are doing. It is very difficult to fight against this, since they have thousands of fronts to attack and they are more creative every day.
This is the latest effort by hackers to exploit the Covid-19 pandemic for their own purposes. At the beginning of this year, the FBI and US Homeland Security warned that hackers would attempt to steal vaccine research being developed against the coronavirus. But it won’t be the last, far from it. The increase in work from home (which went from 5% to more than 40%) and digital traffic (which increased to 55%) has caused even more fronts to be opened. And if we add to that the little security training we have as users... well, it is the icing on the cake for hackers.
This news coincides with the Paris Peace Forum, where the president of Microsoft, Brad Smith, will urge all governments to do more to combat cyberattacks against the health sector, particularly during this pandemic.
“Microsoft is asking world leaders to affirm that international law protects healthcare facilities and to take action to enforce the law,” said Burt. “We believe that the law should be applied not only when attacks originate from government agencies, but also when they originate from criminal groups that governments allow to operate, or even facilitate, within their borders.”
In this case, the attacks reportedly relied on false identities. The attackers allegedly posed as officials belonging to the World Health Organization and tried to trick employees of the pharmaceutical companies into handing over their login credentials. And some did. Microsoft called on world leaders to “affirm that international law protects healthcare facilities and to take action to enforce the law.” The problem is... what law?