Russia’s most well-known hacker groups – Fancy Bear and Cozy Bear – are believed to be linked to the country’s intelligence organizations, according to Western security agencies.
Fancy Bear, the better-known of the two, is linked to the GRU military intelligence agency and is accused of hacking the US Democratic Party’s computers ahead of the 2016 presidential election, the stolen material from which was widely leaked.
Microsoft, which calls the group Strontium, last week accused Fancy Bear of targeting Covid-19 vaccine makers using “password spray and brute force login attempts” – attacks that use “thousands or millions” of rapid attempts to get into a network by guessing passwords.
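The two techniques Microsoft names leave different footprints in authentication logs: a brute-force attack hammers one account with many guesses, while a password spray tries one or two common passwords against many accounts from the same source, staying under per-account lockout thresholds. The following is an added example, not code from the article or from Microsoft; it runs both detections over constructed log lines in a simplified “timestamp result user source-ip” format (the thresholds and the log format are assumptions chosen for the example, and real sources such as Windows event 4625, sshd or Azure AD sign-in logs carry the same fields under other names).

```python
"""Telling a password spray apart from a brute-force attack in failed-login logs.

Added example, not from the original article. The log format and thresholds
below are assumptions for illustration; tune them to your own environment.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed detection thresholds for this example.
WINDOW = timedelta(minutes=10)
SPRAY_MIN_USERS = 10      # one source failing against at least this many distinct accounts...
SPRAY_MAX_PER_USER = 3    # ...while never exceeding this many guesses per account
BRUTE_MIN_ATTEMPTS = 20   # failures against a single account within the window


def make_sample_log():
    """Constructed log lines (not real data): '<ISO timestamp> <RESULT> <user> <source-ip>'.
    IPs are from the RFC 5737 documentation ranges."""
    base = datetime(2020, 11, 10, 9, 0, 0, tzinfo=timezone.utc)
    lines = []
    # 1) Password spray: one source, 12 accounts, a single guess each, 5 seconds apart.
    for i in range(12):
        ts = base + timedelta(seconds=5 * i)
        lines.append(f"{ts:%Y-%m-%dT%H:%M:%SZ} FAIL user{i:02d} 203.0.113.7")
    # 2) Brute force: one service account hit 25 times from one source.
    for i in range(25):
        ts = base + timedelta(seconds=2 * i)
        lines.append(f"{ts:%Y-%m-%dT%H:%M:%SZ} FAIL svc_backup 198.51.100.23")
    # 3) Benign noise: a user mistypes twice, then logs in successfully.
    lines += [
        "2020-11-10T09:01:00Z FAIL carol 192.0.2.5",
        "2020-11-10T09:01:20Z FAIL carol 192.0.2.5",
        "2020-11-10T09:01:40Z SUCCESS carol 192.0.2.5",
    ]
    return lines


def parse_line(line):
    """Split one log line into (timestamp, result, user, source_ip)."""
    ts, result, user, ip = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, result, user, ip


def detect(lines, window=WINDOW):
    """Return {'spray': {source_ip: [accounts]}, 'brute': {account: max_failures}}.

    Failures are bucketed into fixed-width time windows. A source is flagged as
    spraying when, inside one window, it fails against many accounts but keeps
    each account under the lockout-sized per-account limit. An account is flagged
    as brute-forced when it accumulates many failures inside one window,
    regardless of how many sources they come from.
    """
    by_ip = defaultdict(lambda: defaultdict(int))   # (bucket, ip) -> user -> failures
    by_user = defaultdict(int)                      # (bucket, user) -> failures
    for line in lines:
        ts, result, user, ip = parse_line(line)
        if result != "FAIL":
            continue
        bucket = int(ts.timestamp() // window.total_seconds())
        by_ip[(bucket, ip)][user] += 1
        by_user[(bucket, user)] += 1

    spray = {}
    for (_, ip), users in by_ip.items():
        if len(users) >= SPRAY_MIN_USERS and max(users.values()) <= SPRAY_MAX_PER_USER:
            spray[ip] = sorted(users)

    brute = {}
    for (_, user), n in by_user.items():
        if n >= BRUTE_MIN_ATTEMPTS:
            brute[user] = max(n, brute.get(user, 0))

    return {"spray": spray, "brute": brute}


if __name__ == "__main__":
    findings = detect(make_sample_log())
    for ip, users in findings["spray"].items():
        print(f"password spray from {ip}: {len(users)} accounts, e.g. {users[:3]}")
    for user, n in findings["brute"].items():
        print(f"brute force against {user}: {n} failures in one window")
```

The point of keeping the two rules separate is that a lockout policy alone catches the second pattern and misses the first: the spraying source never trips a per-account threshold, so it only becomes visible when failures are pivoted on the source rather than the account. The benign case (two mistakes, then a success) falls under both thresholds and is not reported.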
In July, Britain’s NCSC accused Cozy Bear, variously linked to Russia’s FSB and SVR intelligence agencies, of targeting drug research labs in the UK, US and Canada. Its aim, according to the NCSC, was likely to “steal information and intellectual property relating to the development and testing of Covid-19 vaccines.”
Hackers in the group have sought access to a wide variety of systems related to medical research, often trying to exploit known but unpatched vulnerabilities in an attempt to gain long-term access.
China has been accused of hacking Western targets for many years, with units linked to the People’s Liberation Army formerly leading the way.
In 2015, Chinese President Xi Jinping and then-US President Barack Obama struck a deal in which both sides promised not to “knowingly support the theft of intellectual property over the Internet” for commercial purposes, resulting in a partial pullback and then a restructuring of Chinese operations.
As US-China relations deteriorated, especially after Donald Trump became president, Chinese activity restarted, this time linked to the Ministry of State Security (MSS), the country’s main civilian intelligence agency.
Chinese groups tend to focus more on economic gain than political gain, according to researchers at FireEye’s Mandiant unit, who last year identified a group known as APT 41, whose “espionage targeting is generally aligned with China’s five-year economic development plans”.
Despite the pandemic, APT 41, sometimes known as Wicked Panda, began the year with major campaigns to exploit security vulnerabilities in Internet-facing corporate computer networks, including British government systems.
In September, the US FBI announced charges against what it called five key figures in APT 41, saying that one of them had told a colleague he was “very close” to the MSS. China, however, denies engaging in cyber espionage.
Iran, one of the countries worst affected by the coronavirus, was accused of targeting the World Health Organization in early April using phishing techniques, in which emails were sent to encourage staff members to click on a malicious link in an attempt to steal passwords and gain access to systems.
A similar type of Iranian attack on Gilead, the US maker of the antiviral drug remdesivir, seen as a potential Covid-19 treatment, was detected by researchers at the Israeli cybersecurity firm ClearSky. In one case, a senior official responsible for legal and corporate affairs received a phishing email.
Cybersecurity researchers say several hacker groups operate from Iran, engaged in both political and economic attacks. One researcher said the targeting of Gilead bore similarities to the methods used by the Charming Kitten group, previously accused of targeting journalists, academics and human rights activists in Iran, sometimes masquerading as journalists themselves.
North Korean hacker groups are linked by Western governments to the country’s Reconnaissance General Bureau. Microsoft has accused the best-known group, commonly known as Lazarus and called Zinc by the US software group, of being involved in spear phishing, or targeted email attacks, against people working at research organizations involved in Covid-19 work.
Microsoft said the techniques Lazarus, or Zinc, used included “spear phishing lures for credential theft, sending messages with fabricated job descriptions pretending to be recruiters.” Another group, called Cerium by Microsoft, used the same spear-phishing methods, but this time masquerading as WHO officials.
Lazarus first came to the attention of Western cybersecurity groups around 2014 and, before Covid-19, was accused of involvement in a wide range of activities.
Last year, the US Treasury, announcing sanctions against the group, said it was involved in the destructive WannaCry ransomware attack in 2017, which particularly hit the NHS in the UK, compromising systems at “one third of hospitals and 8% of general practitioners’ practices”. British agencies made a similar attribution.
Other countries have also been identified as pursuing Covid-19 secrets through hacking. In April, FireEye said it had detected an operation by a Vietnamese group carrying out intrusion campaigns against China in the early stages of the pandemic, between January and April.
Spear-phishing messages were sent to public authorities in Wuhan, the site of the disease’s first major outbreak, with malware disguised as a New York Times live blog carrying the latest news on the crisis.