A Chinese state-backed hacking group has targetted the IT systems of two Indian vaccine makers whose COVID-19 shots are being used in the country’s immunisation campaign, cyber intelligence firm Cyfirma informed.
Both the rival countries - India and China - have sold or gifted COVID-19 shots to many other nations. India produces over 60 per cent of all vaccines sold in the world.
Goldman Sachs-backed Cyfirma, based in Singapore and Tokyo, said Chinese hacking group Stone Panda had identified gaps and vulnerabilities in the IT infrastructure and supply chain software of Bharat Biotech and the Serum Institute of India (SII), the world’s largest vaccine maker.
“The real motivation here is actually exfiltrating intellectual property and getting competitive advantage over Indian pharmaceutical companies,” said Cyfirma chief executive Kumar Ritesh. He said APT10 (Stone Panda) was actively targeting SII, which is making the AstraZeneca vaccine for many countries and will soon start bulk-manufacturing Novavax shots.
“In the case of Serum Institute, they have found a number of their public servers running weak web servers, these are vulnerable web servers,” Ritesh said, referring to the hackers. “They have spoken about weak web application; they are also talking about weak content-management system. It’s quite alarming,” he further said.