Internet security firm Cyfirma reported Monday that hackers linked to the Chinese government are attacking the computer systems of two major Indian pharmaceutical companies involved in producing vaccines for the Wuhan coronavirus.
Cyfirma, based in Singapore and Tokyo, told Reuters on Monday the attacks are coming from a well-known hacker group designated Advanced Persistent Threat 10 (APT10) and commonly known as “Stone Panda.”
APT10 has been active since 2009, generally targeting U.S. and allied defense, healthcare, and aerospace computer systems. Its attacks are mostly designed to steal information or sabotage foreign companies, giving Chinese commercial entities a competitive advantage. In this case, APT10 is apparently trying to steal coronavirus vaccine data to help China promote its own questionable vaccine products.
The targets of the hacking campaign Cyfirma identified are Bharat Biotech and the Serum Institute of India (SII), with the apparant objective of “exfiltrating intellectual property and getting competitive advantage over Indian pharmaceutical companies.”
Bharat Biotech manufactures Covaxin, India’s first indigenous Chinese coronavirus vaccine. Indian Prime Minister Narendra Modi announced Monday morning that he received a dose of Covaxin, demonstrating confidence in the Indian vaccine to counter criticism from some outside observers that it has not been tested adequately.
SII is the world’s largest vaccine maker and is a major producer of the coronavirus vaccine developed by British pharma giant AstraZeneca. The Indian government granted SII emergency authorization to produce the AstraZeneca vaccine on January 6.
Drug regulators for the European Union announced Monday they are auditing SII’s production facilities, presumably with an eye towards authorizing European imports of vaccine doses the Indian firm manufactured, although regulators have not made the details of the audit and possible import negotiations public. SII’s products may be needed because AstraZeneca has been struggling to meet European demand for its vaccine.
Cyfirma chief executive Kumar Ritesh said hackers have discovered “vulnerable web servers” connected to SII’s network.
“They have spoken about weak web application, they are also talking about weak content-management system. It’s quite alarming,” he said, evidently referring to chatter among the hackers.
Reuters reported the Chinese Foreign Ministry, SII, and Bharat Biotech all declined to comment on the reported hacker attacks, while the Indian Computer Emergency Response Team (CERT) would only confirm that it was aware of Cyfirma’s claims. Cyfirma issued a statement that said CERT has “checked” its work and acknowledged the threat.
“Our technical analysis and evaluation verified the threats and attacks,” Cyfirma said.
Reuters noted that companies in the United States and allied nations have been repeatedly hit by cyberattacks believed to originate in China, North Korea, and Russia during the development of coronavirus vaccines. Indian media reported Chinese state hackers have conducted malware attacks against at least a dozen Indian government agencies and state-owned corporations since relations between China and India deteriorated in the summer of 2020.