Attacks against the companies, entities, and labs associated with the development, testing, and distribution of the Covid-19 vaccines are nothing new. What makes this attack interesting is the advanced persistent threat group involved – the Lazarus Group, which is believed to be a state-backed actor based in North Korea. Lazarus’s typical targets are financial institutions or other cash-rich organizations; in this case, however, Lazarus has gone after a government agency and a pharmaceutical company and the Covid-19 research they possess. The Lazarus Group is an extremely advanced threat group with a level of maturity in their attacks that allows them to frequently succeed.
It is currently unclear how Lazarus began their attack, but it’s possible that a previous attack against a South Korean company was the opening move. Software companies can make good springboards for attacks, because they are expected to contact their customers about security details for the software those customers may have, and to send executables or other software to them, so the same kind of contact reaching a victim would not look out of place. What data, if any, was stolen is also unclear.