Cybersecurity News in Asia

Features
- Featured
  
  How to talk to your board and C-suite about cyber-preparedness
  
  Thursday, June 1, 2023, 11:33 AM Asia/Singapore | Features, Newsletter, Tips
- Featured
  
  Ransomware trends APAC organizations should be mindful of
  
  Tuesday, May 30, 2023, 2:02 PM Asia/Singapore | Features, Malware & Ransomware
- Featured
  
  Generative AI – the cybercriminal’s latest tool of terror?
  
  Tuesday, May 23, 2023, 11:20 AM Asia/Singapore | Features
News
- Featured
  
  Automation and AI increase bot attack sophistication, evasiveness
  
  Thursday, June 1, 2023, 2:45 PM Asia/Singapore | Cyberthreat Landscape, News, Newsletter
- Featured
  
  Research sheds light on Cryptor-as-a-Service in the Dark Web
  
  Tuesday, May 30, 2023, 10:33 AM Asia/Singapore | News, Newsletter
- Featured
  
  Take a peek at ransomware victims’ failure points
  
  Tuesday, May 30, 2023, 10:13 AM Asia/Singapore | Malware & Ransomware, News, Newsletter
Opinions
Tips
Whitepapers
Awards 2022
Directory
E-Learning

News

There is big money in stealing vaccine research data

By CybersecAsia editors | Tuesday, December 29, 2020, 9:03 AM Asia/Singapore

Two recent incidents point to the Lazarus group as the advanced persistent threat attacking a pharma company and a government agency.

As the pandemic and restrictive measures across the world continue, many parties involved are trying to speed up vaccine development by any means available. While most of the work is well-intentioned, there is another side to this coin as some threat actors are trying to capitalize on this for their own gain.

In the autumn of 2020, cybersecurity researchers identified two advanced persistent threat (APT) incidents that targeted entities related to COVID-19 research: a health ministry agency and a pharmaceutical company. The experts assessed with high confidence that the activities can be attributed to the infamous Lazarus group.

The first attack against a Ministry of Health body involved the compromise of two Windows servers in the organization with sophisticated malware on October 27, 2020. The malware used is known by the name ‘wAgent’. Closer analysis has shown that the wAgent malware used against the health agency has the same infection scheme as that used by the malware Lazarus group in attacks on cryptocurrency businesses.

The second incident involved a pharmaceutical company. According to Kaspersky telemetry, the company was breached on September 25, 2020. This company is developing a COVID-19 vaccine and is also authorized to produce and distribute it. This time, the attacker deployed the Bookcode malware, previously reported by security vendor to be connected to Lazarus, in a supply chain attack through a South Korean software company. In the past, Kaspersky researchers also witnessed Lazarus group carry out spear-phishing or strategically compromise websites in order to deliver Bookcode malware. Both wAgent and Bookcode malware, used in both attacks, have similar functionalities, such as a full-featured backdoor. After deploying the final payload, the malware operator can control a victim’s machine in nearly any manner they wish.

Relationship of recent Lazarus group attack

Given the noted overlaps, Kaspersky researchers confirm with high confidence that both incidents are connected to the Lazarus group. The research is still ongoing.

Said Seongsu Park, a security expert at Kaspersky: “These two incidents reveal Lazarus group’s interest in intelligence related to COVID-19. While the group is mostly known for its financial activities, it is a good reminder that it can go after strategic research as well. We believe that all entities currently involved in activities such as vaccine research or crisis handling should be on high alert for cyberattacks.”