Pfizer/BioNTech vaccine data modification and leak (2020)

From International cyber law: interactive toolkit
Revision as of 12:16, 5 November 2021 by Uncleistvan1BBB (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Date December 2020.[1]
Suspected actor Sources close to the incident investigation stated that Russian and Chinese intelligence agencies were behind the attack.[2]

Moreover, in July 2020, security services warned of Russian intelligence services targeting organisations trying to develop a coronavirus vaccine in the UK, US and Canada.[3] Furthermore, in November 2020, Microsoft announced it had detected attempts by state-backed Russian and North Korean hackers to steal valuable data from leading pharmaceutical companies and vaccine researchers.[4]

Target European Medicines Agency (EMA)
Target systems EMA internal servers.[5] The perpetrators focused on documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine. [6]
Method Firstly, the perpetrators used spearphishing on specifically selected EMA employees concealing themselves as their colleagues.[7] After the victims took the bait, the email implanted malware which enabled the perpetrators to intercept email traffic.[2]

Secondly, the perpetrators had to go through two-step verification used to secure the internal network. Due to their access to email traffic, the perpetrators noticed a zip file sent via an email containing a token for a new user.[7] This token enables employees to link a device (a mobile app) to generate a unique access code for two-step verification. The perpetrators intercepted the zip file and linked it to their device, gaining access to the internal network.[7]

The perpetrators hid their IP addresses and logged in unnoticed for more than a month.[2]

Purpose Some of the documents were made public. After its analysis, EMA warned that the documents had been altered,[8] most probably to undermine trust in the vaccine and significantly damage EMA and Pfizer's reputation and credibility. The altered documents were then used in the disinformation campaigns regarding COVID-19 vaccines to undermine trust in the vaccine admission process and its safety.

According to sources close to the investigation, the perpetrators were interested in information regarding what countries procured the vaccine and its amount rather than in the vaccine itself.[2] Russia could have used such information to sell its vaccines later.

Result Some of the EMA unlawfully accessed documents related to COVID-19 medicines and vaccines have been leaked on the internet, including internal confidential email correspondence dating from November 2020, relating to evaluation processes for COVID-19 vaccines.[8]

Although the individual leaked emails were authentic, “data from different users were selected and aggregated, screenshots from multiple folders and mailboxes have been created and additional titles were added by the perpetrators in a way which could undermine trust in vaccines.”[9]  Moreover, EMA stated that not all published documents have been published in their original and integral form and might have been taken out of context.[10]

Aftermath EMA immediately launched a probe and contacted respective authorities that began a criminal investigation into the incident.[11] The drug regulator informed Pfizer and BioNTech of unlawful access to their documents by a third party after the altered documents had been leaked on the internet.[10]

Allegedly, no personal data of the study participants were compromised nor Pfizer’s systems.[12] Neither the vaccine admission procedure nor the rollout itself was affected by the attack. However, the leaked documents could have affected the trust of the citizens in the vaccine that further “hyped” anti-vax movements and tendencies.

Analysed in Scenario 04: A State’s failure to assist an international organization

Scenario 23: Vaccine research and testing

Collected by: Dominik Zachar