Foreign hackers target Indian vaccine makers and Patanjali group: claims cybersecurity firm Cyfirma
Cyber intelligence and threat discovery platform Cyfirma told Reuters that foreign state-backed hackers have targeted Indian vaccine makers Serum Institute of India and Bharat Biotech. Other reports are indicating that the hacking attempts have happened over the past few weeks, and have been sponsored by both China and Russia.
Bharat Biotech and Serum Institute of India are both engaged in the production of Covid-19 vaccines for India, and currently, the country produces 60% of all vaccines sold in the world. Prime Minister Narendra Modi had earlier voiced his concern against vaccine nationalism and delivered/sold vaccines to many countries, rivalled only by China.
The cybersecurity firm also added that hacking attempts allegedly originating from North Korea targeted Baba Ramdev’s Patanjali group, whose Coronil had been a controversial issue in the last few weeks. The matter was included in a report, Threat Landscape for Pharmaceutical Companies, published by the Singapore/Japan-based Cyfirma, which is backed by bigwigs such as Goldman Sachs.
The report indicates that the firm found cyberattack campaigns based out of Russia, China, North Korea, and the Middle East against 12 countries, including India, with the express purpose of stealing Covid vaccine research, patient and clinical trial data, supply chain, and product information. The targets reportedly include top pharma companies in India, the USA, the UK, Japan, Australia, Spain, Italy, Germany, Brazil, Taiwan, and Mexico.
According to the Reuters report, the firm says that the Chinese hacking group APT10 identified weak points in the IT infrastructure and supply chain software of Bharat Biotech and SII. The report adds that their main target is SII since it is actively producing the AstraZeneca vaccine and will soon start work on the Novavax shots. According to the firm, the hackers identified multiple SII public servers running a vulnerable web server.
Meanwhile, Recorded Future, a US-based company, found an increase in malware in Indian government, defence and public sector organisations while the India-China clash worsened last year. The report adds that “state-sponsored Chinese hackers might have targeted Indian power grids”, leading to doubts over the October 12 power grid failure in Mumbai.
A 100-page provisional report filed by the Maharashtra cyber department confirms that a malware attack was behind the blackout, and it adds that investigators found 14 Trojan horses and 8GB of unaccounted data in the system. The investigators claimed that unidentified sources installed the malware in the Maharashtra State Electricity Board.
However, while the government is claiming that it could be a foreign group, it did not confirm whether it was a Chinese-backed attack as the Recorded Future report had claimed. Sources within the government asked how the company came to such a conclusion without having studied the servers.