Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack
The APT Lazarus Group and other threat actors have allegedly been actively trying to steal COVID-19 research, likely to speed up their own countries’ vaccine development efforts. Lazarus is likely seeking to steal intellectual property to report back to North Korea, according to Kaspersky researchers. Lazarus recently attacked both a pharmaceutical company and a government health ministry related to the pandemic response. Researchers reported that the hacks were strictly aimed at information theft.
The government health ministry was attacked in late October, in the midst of developing a COVID-19 vaccine. Lazarus hackers installed a sophisticated malware called wAgent on the ministry’s servers. wAgent is fileless to avoid detection and loads additional payloads from a remote server. In the second instance, the APT deployed Bookcode malware in a supply chain attack. Both attacks were attributed to the Lazarus Group due to overlaps in the post-exploitation process.