Chinese state-backed hacking group targets vaccine makers in India: A report

Cyfirma, a Goldman Sachs-backed cyber intelligence firm, has reported a cyberattack by the Chinese state-backed hacking group APT10 on Indian vaccine makers SII (Serum Institute of India) and Bharat Biotech.

SII and Bharat Biotech are the world’s largest coronavirus vaccine-producing pharma companies and their COVID shots are also being used for the country’s immunization campaign. These Indian companies produce more than 60% of all the COVID vaccines supplied around the world. India produces more than 60% of all the COVID vaccines in the world.

APT10, also known as Stone Panda, reportedly identified gaps and exploited vulnerabilities in the IT infrastructure and the supply chain software of the two pharma companies to steal sensitive information. However, no data loss has been reported.

“The real motivation here is exfiltrating intellectual property and getting a competitive advantage over Indian pharmaceutical companies,” said Kumar Ritesh, Cyfirma Chief Executive and a former top cyber official with MI6, the British foreign intelligence agency. He also said that APT10 has been targeting Serum Institute of India, which is producing the AstraZeneca vaccine for many countries and is about to start bulk manufacturing of the Novavax shots as well.

“In this case, they have found some public servers running weak servers, which are vulnerable. They have spoken about weak web applications being used and a weak CMS (content management system) as well, which is quite alarming,” he further added.

The Chinese Foreign Ministry did not immediately respond when asked about the attack. SII and Bharat Biotech also refused to comment. The government-run Indian Computer Emergency Response Team has not released a statement yet either.

China has been on the radar of several countries for a long time. In 2018, the US Department of Justice said that APT10 acts in association with the Chinese Ministry of State Security.

Microsoft, in November last year, said that it had detected cyberattacks from Russia and North Korea targeting COVID-19 vaccine companies in India, Canada, France, South Korea, and the US. Hackers from North Korea also tried to break into the systems of AstraZeneca.

Cyfirma, which follows the activities of some 750 cybercriminals and monitors over 2000 hacking campaigns, said it is not clear what information APT10 may have accessed from the servers of the Indian companies, and that it has yet to establish this.