A Chinese state-backed hacking group has in recent weeks targeted the IT systems of two Indian vaccine makers whose coronavirus shots are being used in the country's immunisation campaign, cyber intelligence firm Cyfirma told Reuters.
Rivals China and India have both sold or gifted Covid-19 shots to many countries. India produces more than 60 per cent of all vaccines sold in the world.
Goldman Sachs-backed Cyfirma, based in Singapore and Tokyo, said Chinese hacking group APT10, also known as Stone Panda, had identified gaps and vulnerabilities in the IT infrastructure and supply chain software of Bharat Biotech and the Serum Institute of India (SII), the world's largest vaccine maker.
"The real motivation here is actually exfiltrating intellectual property and getting competitive advantage over Indian pharmaceutical companies," said Cyfirma Chief Executive Kumar Ritesh, formerly a top cyber official with British foreign intelligence agency MI6.
He said APT10 was actively targeting SII, which is making the AstraZeneca vaccine for many countries and will soon start bulk-manufacturing Novavax shots.
"In the case of Serum Institute, they have found a number of their public servers running weak web servers, these are vulnerable web servers," Ritesh said, referring to the hackers.
"They have spoken about weak web application, they are also talking about weak content-management system. It's quite alarming."
China's foreign ministry did not immediately reply to a request for comment.
SII and Bharat Biotech declined to comment. The government-run Indian Computer Emergency Response Team, with whom Cyfirma said it had shared its findings, had no immediate comment.
The U.S. Department of Justice said in 2018 that APT10 had acted in association with the Chinese Ministry of State Security.
Microsoft said in November that it had detected cyber attacks from Russia and North Korea targeting COVID-19 vaccine companies in India, Canada, France, South Korea and the United States. North Korean hackers also tried to break into the systems of British drugmaker AstraZeneca, Reuters https://www.reuters.com/article/us-healthcare-coronavirus-astrazeneca-no-idUSKBN2871A2 has reported.
Ritesh, whose firm follows the activities of some 750 cyber criminals and monitors nearly 2,000 hacking campaigns using a tool called decipher, said it was not yet clear what vaccine-related information APT10 may have accessed from the Indian companies.
Bharat Biotech's COVAXIN shot, developed with the state-run Indian Council of Medical Research, will be exported to many countries, including Brazil.
US drugmaker Pfizer Inc and its German partner BioNTech SE said in December that documents related to development of their Covid-19 vaccine had been "unlawfully accessed" in a cyberattack on Europe's medicines regulator.
Relations between nuclear-armed neighbours China and India soured last June when 20 Indian and four Chinese soldiers were killed in a Himalayan border fight. Recent talks have eased tension.
Dear Reader,
Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.
We, however, have a request.
As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.
Support quality journalism and subscribe to Business Standard.
Digital Editor
RECOMMENDED FOR YOU