Virendra Pandit
New Delhi: Not only did China try to blackout Mumbai in October 2020, its hackers even targeted the Information Technology (IT) systems of the two major Indian vaccine makers which are supplying COVID-19 vaccines not only to the country but dozens of other nations as well.
Media reports on Monday said a Chinese state-backed cyber hacking group recently targeted the IT systems of Bharat Biotech and Serum Institute of India (SII) whose COVID-19 vaccines are being used in the country’s immunization campaign, the world’s largest, launched by Prime Minister Narendra Modi on January 14.
Modi himself got a shot in New Delhi on Monday, launching the second phase of India’s immunization drive.
Both India and China have emerged as the largest vaccine manufacturers, selling or gifting COVID-19 shots to several countries. India, the world’s largest vaccine maker, alone manufacturers more than 60 percent of all vaccines sold in the world.
Goldman Sachs-backed cyber-intelligence firm Cyfirma, based in Singapore and Tokyo, said Chinese hacking group APT10, also known as Stone Panda, had identified gaps and vulnerabilities in the IT infrastructure and supply chain software of the two Indian vaccine makers, particularly the SII, the world’s largest vaccine maker.
“The real motivation here is actually exfiltrating intellectual property and getting a competitive advantage over Indian pharmaceutical companies,” said Cyfirma Chief Executive Kumar Ritesh, formerly a top cyber official with British foreign intelligence agency MI6”, according to a media report.
He said APT10 was actively targeting SII, which is making the AstraZeneca vaccine for many countries, and will soon start bulk-manufacturing Novavax shots.
“In the case of Serum Institute, they have found a number of their public servers running weak web servers, these are vulnerable web servers,” Ritesh said, referring to the hackers.
“They have spoken about the weak web applications, they are also talking about the weak content-management systems. It’s quite alarming.”
The U.S. Department of Justice had said in 2018 that APT10 had acted in association with the Chinese Ministry of State Security.
Ritesh, whose firm follows the activities of some 750 cyber-criminals and monitors nearly 2,000 hacking campaigns, said it was not yet clear what vaccine-related information APT10 may have accessed from the Indian companies.
Bharat Biotech’s COVAXIN shot, developed with the state-run Indian Council of Medical Research (ICMR), will be exported to many countries, including Brazil.
