Hackers recently posted confidential documents regarding Covid-19 medicines and vaccines on the internet after a data breach late last year at the European Medicines Agency (EMA). Timelines related to evaluating and approving Covid medicines and vaccines haven’t been affected, the EMA said in a statement on Tuesday. The agency said it remains fully functional and that law enforcement authorities are taking action on the breach.

Cyber threat investigators suspect that these hacks may be the work of APT29, or Cozy Bear, which may have led some of the cyberattacks during July 2020. The group, also known as The Dukes, has long been affiliated with Russian intelligence agencies, including the Russian Foreign Intelligence Service (SVR) and the Russian Federal Security Service (FSB), according to researchers. APT29 has a history dating back to 2008 and has targeted dozens of governments, research institutes and corporations around the world in an effort to gather intelligence that may inform Russian government policy making, according to researchers who have studied the group.

Confirming who is behind hacks can be difficult, due to methods the hackers can use to conceal their identity. In 2014, however, the Dutch intelligence agency turned the tables on APT29 by hacking their computers and using their webcams to spy on them, identifying them as members of Russia’s Foreign Intelligence Service. Later, Dutch intelligence operatives were able to use the access they obtained to watch members of APT29 plan and carry out their hack on the Democratic National Committee.

Caught up in the hack were some documents submitted by Pfizer and BioNTech during regulatory review of their vaccine, approved last month. The EMA said it would notify any additional entities and individuals whose documents and personal data may have been subject to unauthorized access.  The EMA’s update on the breach came after an Italian cybersecurity firm, Yarix, said it found hacked documents related to the Pfizer-BioNTech vaccine’s authorization and commercial processes on the so-called dark web.

An attacker released a blog post there that contained files from the EMA, including confidential email messages related to vaccine production and marketing, Yarix Chief Executive Officer Mirko Gatto said in an interview. Screen shots and documents in the post referenced an EMA secure communications portal that’s reserved for authorized personnel, Gatto said.  Yarix reported the matter to the Italian authorities, the CEO said, but it’s not working directly with the EMA. The agency didn’t immediately respond to a request for comment on the firm’s disclosures.  Pfizer and BioNTech said last month that some documents they submitted to the EMA were accessed in the hack. The companies said that none of their systems had been breached.

A Pfizer spokesman declined to comment beyond the initial statement in December 2020. A BioNTech representative did not immediately respond to requests for comment.  The EMA signed off on a second vaccine, from Moderna Inc., earlier this month. Currently under review is a third vaccine, developed by AstraZeneca and the University of Oxford. The regulator has said its drugs advisory panel could issue an opinion on that shot by 29 January.  Pfizer shares fell 2.2% in New York, with BioNTech’s American depositary receipts down 5.1%.

The EMA is also conducting a rolling review of a potential vaccine from Johnson & Johnson, though a decision on that shot is further off because a large late-stage trial has not yielded results as of yet.  Since the pandemic began, hackers aligned with governments including Russia and China have been accused of targeting companies and research institutions.

Red Sky Alliance has been analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports.

The installation, updating and monitoring of firewalls, cyber security and proper employee training are keys to blocking attacks.  Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis on your organization.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com.

 

Reporting:  https://www.redskyalliance.org/

Website:     https://www.wapacklabs.com/

LinkedIn:   https://www.linkedin.com/company/wapacklabs/

Twitter:      https://twitter.com/wapacklabs?lang=en

Weekly Cyber Intelligence Briefings: 

https://attendee.gotowebinar.com/register/8782169210544615949

 

TR-21-015-001COVIDvaccine.pdf
