Russian and North Korean hackers targeted COVID-19 research, according to Microsoft

Microsoft logo
Microsoft logo (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • Microsoft detected Russian and North Korean hackers targeting data related to COVID-19 research.
  • The primary target of the attacks include vaccine researchers and leading pharmaceutical companies.
  • Microsoft has offered help to targeted organizations.

Microsoft reports that it's detected multiple cyber attacks by nation-state actors that target companies involved in researching treatments and vaccines for COVID-19. The targets include companies in Canada, France, India, South Korea, and the United States, though Microsoft did not share the names of the companies. According to Microsoft, the attacks come from three nation-state actors, one from Russia and two originating from North Korea.

Microsoft states that the majority of the attacks were stopped by security protections built into its products, but that it's offered help to organizations that have been successfully hacked.

The Russian actor is known as Strontium, but is better known as APT28 or Fancy Bear, as pointed out by Tech Crunch. It utilizes password spraying and brute force login attempts to steal login credentials. The goal of its attacks is to break into people's accounts.

Latest Videos From

The two North Korean actors are known as Zinc and Cerium. Zinc, also known as the Lazarus Group, primarily uses spear-phishing lures to steal people's credentials. Zinc pretended to be a recruiter and sent messages to people with fake job descriptions. Cerium also uses spear-phishing lures. Cerium pretended to be World Health Organization representatives.

Microsoft's news of the detected attacks coincides with the Paris Peace Forum. Microsoft president Brad Smith is calling on governments to do more at the forum today. "Microsoft is calling on the world's leaders to affirm that international law protects health care facilities and to take action to enforce the law," says Microsoft in its blog post.

Sean Endicott
News Writer

Sean Endicott is a News Writer at Windows Central, where he covers Windows 11, Surface hardware, Microsoft 365, AI, apps, and the broader PC ecosystem. Since joining the site in 2017, he has written well over a thousand articles across the Microsoft landscape, covering breaking news, analysis, and feature reporting.

He writes Windows Wrap, a weekly column covering the biggest stories in Windows and the PC industry, and what they mean for the platform going forward.

Before joining Windows Central full-time, Sean worked in journalism and media production after earning a First Class degree in Broadcast Journalism from Nottingham Trent University. Outside of tech, he is an award-winning American football coach based in Nottingham, England, and was named BAFCA Youth Coach of the Year in 2024.