Pfizer/BioNTech vaccine data modification and leak (2020)
|Suspected actor||Sources close to the incident investigation stated that Russian and Chinese intelligence agencies were behind the attack.
Moreover, in July 2020, security services warned of Russian intelligence services targeting organisations trying to develop a coronavirus vaccine in the UK, US and Canada. Furthermore, in November 2020, Microsoft announced it had detected attempts by state-backed Russian and North Korean hackers to steal valuable data from leading pharmaceutical companies and vaccine researchers.
|Target||European Medicines Agency (EMA)|
|Target systems||EMA internal servers. The perpetrators focused on documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine. |
|Method||Firstly, the perpetrators used spearphishing on specifically selected EMA employees concealing themselves as their colleagues. After the victims took the bait, the email implanted malware which enabled the perpetrators to intercept email traffic.
Secondly, the perpetrators had to go through two-step verification used to secure the internal network. Due to their access to email traffic, the perpetrators noticed a zip file sent via an email containing a token for a new user. This token enables employees to link a device (a mobile app) to generate a unique access code for two-step verification. The perpetrators intercepted the zip file and linked it to their device, gaining access to the internal network.
The perpetrators hid their IP addresses and logged in unnoticed for more than a month.
|Purpose||Some of the documents were made public. After its analysis, EMA warned that the documents had been altered, most probably to undermine trust in the vaccine and significantly damage EMA and Pfizer's reputation and credibility. The altered documents were then used in the disinformation campaigns regarding COVID-19 vaccines to undermine trust in the vaccine admission process and its safety.
According to sources close to the investigation, the perpetrators were interested in information regarding what countries procured the vaccine and its amount rather than in the vaccine itself. Russia could have used such information to sell its vaccines later.
|Result||Some of the EMA unlawfully accessed documents related to COVID-19 medicines and vaccines have been leaked on the internet, including internal confidential email correspondence dating from November 2020, relating to evaluation processes for COVID-19 vaccines.
Although the individual leaked emails were authentic, “data from different users were selected and aggregated, screenshots from multiple folders and mailboxes have been created and additional titles were added by the perpetrators in a way which could undermine trust in vaccines.” Moreover, EMA stated that not all published documents have been published in their original and integral form and might have been taken out of context.
|Aftermath||EMA immediately launched a probe and contacted respective authorities that began a criminal investigation into the incident. The drug regulator informed Pfizer and BioNTech of unlawful access to their documents by a third party after the altered documents had been leaked on the internet.
Allegedly, no personal data of the study participants were compromised nor Pfizer’s systems. Neither the vaccine admission procedure nor the rollout itself was affected by the attack. However, the leaked documents could have affected the trust of the citizens in the vaccine that further “hyped” anti-vax movements and tendencies.
|Analysed in||Scenario 04: A State’s failure to assist an international organization|
Collected by: Dominik Zachar
- ComputerWeekly, "Data on Pfizer/BioNTech Covid-19 vaccine stole in cyber attack", 2020.
- Reuters, "Russian, Chinese hackers targeted Europe drug regulator: newspaper", 2021
- BBC, "Coronavirus: Russian spies target Covid-19 vaccine research", 2020.
- The journal, "European Medicines Agency says it has been targeted in cyber attack", 2020.
- HealthcareITNews, "Pfizer COVID-19 vaccine data leaked by hackers", 2021.
- Reuters, "Hackers steal Pfizer/BioNTech Covid-19 vaccine data in Europe, companies say", 2020.
- DeVolkskrant, "Russian and Chinese hackers gained access to EMA", 2021.
- EMA, "Cyberattack on EMA - update 5", 2021.
- EMA, "Cyberattack on EMA - update 6", 2021.
- Politico, "EU medicines agency says hackers manipulated leaked coronavirus vaccine data", 2021.
- European Parliament, "Parliamentary questions", 2021.
- CPO Magazine, "Pfizer-BioNTech COVID-19 Vaccine Data Stolen From European Medicines Agency’s Server Leaked Online", 2021.