Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

EU Regulator: Hackers ‘Manipulated’ Stolen Vaccine Documents

The European Union’s drug regulator said Friday that COVID-19 vaccine documents stolen from its servers by hackers have been not only leaked to the web, but “manipulated.”

The European Union’s drug regulator said Friday that COVID-19 vaccine documents stolen from its servers by hackers have been not only leaked to the web, but “manipulated.”

The European Medicines Agency said that an ongoing investigation showed that hackers obtained emails and documents from November related to the evaluation of experimental coronavirus vaccines. The agency, which regulates drugs and medicines across the 27-member EU, had troves of confidential COVID-19 data as part of its vaccine approval process.

“Some of the correspondence has been manipulated by the perpetrators prior to publication in a way which could undermine trust in vaccines,” the Netherlands-based agency said.

“We have seen that some of the correspondence has been published not in its integrity and original form and, or with, comments or additions by the perpetrators.”

The agency did not explain exactly what information was altered — but cybersecurity experts say such practices are typical of disinformation campaigns launched by governments.

Italian cybersecurity firm Yarix said it found the 33-megabyte leak on a well-known underground forum with the title “Astonishing fraud! Evil Pfffizer! Fake vaccines!” It was apparently first posted on Dec. 30 and later appeared on other sites, including on the dark web, the company said on its website.

Yarix said “the intention behind the leak by cybercriminals is certain: to cause significant damage to the reputation and credibility of EMA and Pfizer.”

Cybersecurity consultant Lukasz Olejnik said he believed the intention was far more broad.

Advertisement. Scroll to continue reading.

“I fear this release has a significant potential of sowing distrust in the EMA process, the vaccines, and vaccination in Europe in general,” he said. “While it is unclear as to who may be behind this operation, it is evident that someone determined allocated resources to it.”

“This is an unprecedented operation targeting the validation of pharmaceutical material, with potentially broad negative effects on the health of Europeans if it leads to undermining trust in the vaccine,” Olejnik added.

The EMA said law enforcement authorities are taking “necessary action” in response to the hack and a criminal investigation is ongoing.

It said that given the devastating toll of the pandemic, there was an “urgent public health need to make vaccines available to EU citizens as soon as possible.” The EMA insisted that despite that urgency, its decisions to recommend the green-lighting of vaccines were based “on the strength of the scientific evidence on a vaccine’s safety, quality and efficacy, and nothing else.”

The EMA, which is based in Amsterdam, came under heavy criticism from Germany and other EU member countries in December for not approving vaccines against the virus more quickly. The agency issued its first recommendation for the Pfizer and BioNTech vaccine weeks after the shot received approval in Britain, the United States, Canada and elsewhere.

The EMA recommended a second vaccine, made by Moderna, for use earlier this month. A third shot made by AstraZeneca and Oxford is currently under consideration by the agency.

Related: Hackers Publish COVID-19 Vaccine Data Stolen From EU Medicines Agency

Related: EU Agency Assessing Covid-19 Vaccines Hit by Cyberattack

Related: Vaccine Documents Hacked as West Grapples With Virus Surge

 

Related: North Korean Hackers Target COVID-19 Research

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.