North Korean and Russian hackers have reportedly targeted the accounts of seven companies involved in researching COVID-19 drugs and vaccines.
Microsoft said in some cases, the hackers have been successful, according to The Wall Street Journal (WSJ). While Microsoft would not name the companies, they said that the seven companies being targeted operate in the U.S., Canada, France, India and South Korea.
“Among the targets, the majority are vaccine makers that have COVID-19 vaccines in various stages of clinical trials,” Microsoft said in a blog post Friday.
The Russian hacking group allegedly behind the attacks is Strontium or Advanced Persistent Threat (APT) 28, according to the report. APT 28 has been linked to numerous cyberattacks on U.S. and European targets in the past, including hacking into the Democratic National Committee’s networks during the 2016 presidential election, according to The Hill.
Russian hacking groups have been accused of trying to steal vaccines before, with Britain’s National Cyber Security Center (NCSC) alleging in July that APT 29 attempted to break into academic and pharmaceutical companies for data on COVID-19 vaccines and treatment.
Cyberattacks could delay clinical trials or research as scientists across the globe rush to develop a vaccine for the virus that has claimed more than 1 million lives. (RELATED: 5 Chinese Nationals, 2 Malaysian Nationals Charged With Hacking, Department Of Justice Announces)
Dapo Akande, a professor of international law at the University of Oxford, told the WSJ that there needs to be stronger protections in international law for cyberattacks on health-care institutions.
“We need to kind of raise the profile and to raise the quality of the discussion around these issues as to what is off-limits,” he said, per the report.
Microsoft agreed, noting in their statement Friday that international law must protect health care facilities.
“Microsoft is calling on the world’s leaders to affirm that international law protects health care facilities and to take action to enforce the law,” the statement reads. “We believe the law should be enforced not just when attacks originate from government agencies but also when they originate from criminal groups that governments enable to operate – or even facilitate – within their borders. This is criminal activity that cannot be tolerated.”
In May the U.S. also accused China of attempting to steal American research into treatment and vaccines for COVID-19.