Chinese hackers target SII, Bharat Biotech, says security firm
A Chinese state-backed hacking group has in recent weeks targeted the IT systems of two Indian vaccine makers whose coronavirus shots are being used in the country's immunisation campaign, cyber intelligence firm Cyfirma told Reuters.
Rivals China and India have both sold or gifted Covid-19 shots to many countries. India produces more than 60% of all vaccines sold in the world.
Goldman Sachs-backed Cyfirma, based in Singapore and Tokyo, said Chinese hacking group APT10, also known as Stone Panda, had identified gaps and vulnerabilities in the IT infrastructure and supply chain software of Bharat Biotech and the Serum Institute of India (SII), the world's largest vaccine maker.
"The real motivation here is actually exfiltrating intellectual property and getting competitive advantage over Indian pharmaceutical companies," said Cyfirma Chief Executive Kumar Ritesh, formerly a top cyber official with British foreign intelligence agency MI6.
He said APT10 was actively targeting SII, which is making the AstraZeneca vaccine for many countries and will soon start bulk-manufacturing Novavax shots.
"In the case of Serum Institute, they have found a number of their public servers running weak web servers, these are vulnerable web servers," Ritesh said, referring to the hackers.
"They have spoken about weak web application, they are also talking about weak content-management system. It's quite alarming."
China's foreign ministry did not reply to a request for comment. But responding to a question on whether Chinese hackers had a role in attacking India's power grid which caused a blackout in Mumbai last year, the ministry said it was a staunch defender of cyber security.
"China firmly opposes and cracks down on all forms of cyber attacks," its embassy in New Delhi said on Twitter, quoting the foreign ministry. "Speculation and fabrication have no role to play on the issue of cyber attacks."
SII and Bharat Biotech declined to comment. The office of the director-general of the state-run Indian Computer Emergency Response Team (CERT) said the matter had been handed to its operations director, S.S. Sarma.
Sarma told Reuters CERT was a "legal agency and we can't confirm this thing to media".
Cyfirma said in a statement it had informed CERT authorities and that they had acknowledged the threat.
The U.S. Department of Justice said https://www.justice.gov/opa/pr/two-chinese-hackers-associated-ministry-state-security-charged-global-computer-intrusion in 2018 that APT10 had acted in association with the Chinese Ministry of State Security.
Microsoft said https://blogs.microsoft.com/on-the-issues/2020/11/13/health-care-cyberattacks-covid-19-paris-peace-forum in November that it had detected cyber attacks from Russia and North Korea targeting vaccine companies in India, Canada, France, South Korea and the United States. North Korean hackers also tried to break into the systems of British drugmaker AstraZeneca, Reuters https://www.reuters.com/article/us-healthcare-coronavirus-astrazeneca-no-idUSKBN2871A2 has reported.
Ritesh, whose firm follows the activities of some 750 cyber criminals and monitors nearly 2,000 hacking campaigns using a tool called DeCYFIR, said it was not yet clear what information APT10 may have accessed from the Indian companies.
Relations between nuclear-armed neighbours China and India soured last June when 20 Indian and four Chinese soldiers were killed in a Himalayan border fight. Recent talks have eased tension.
Russian missiles struck a crowded shopping mall in central Ukraine on Monday, President Volodymyr Zelenskiy said, as Moscow fought for control of a key eastern city and Western leaders promised to support Kyiv in the war "as long as it takes". More than 1,000 people were inside when two Russian missiles slammed into the mall in the city of Kremenchuk, southeast of Kyiv, Zelenskiy wrote on Telegram. He said the death count could rise.
The company planning to buy Donald Trump's new social media business has disclosed a federal grand jury investigation that it says could impede or even prevent its acquisition of the Truth Social app. Shares of Digital World Acquisition Corp. dropped almost 10% Monday as the company revealed that it has received subpoenas from a grand jury in New York. The new probe could make it more difficult for Trump to finance his social media company.
Ukraine's President Volodymyr Zelensky denounced Monday's missile strike on a shopping centre in central city of Kremenchuk as a "brazen terrorist act", as the death toll rose to 13. "The Russian strike today on the shopping centre in Kremenchuk is one of the most brazen terrorist acts in European history," Zelensky said in his evening broadcast posted on Telegram. "A peaceful town, an ordinary shopping centre -- women, children ordinary civilians inside."
Three people died Monday when a long-distance train collided with a garbage truck in the US state of Missouri, leaving multiple injuries among some 200 passengers, local officials said. "There are multiple injuries and we can confirm there were three fatalities -- two on the train and one in the dump truck," a spokesman for the Missouri State Highway Patrol, Justin Dunn, told reporters at a press conference.
A long-delayed conference on how to restore the faltering health of global oceans kicked off in Lisbon on Monday, with the head of the UN saying the world's seas are in crisis. "Today we face what I would call an ocean emergency," UN Secretary General Antonio Guterres told thousands of policymakers, experts and advocates at the opening plenary, describing how seas have been hammered by climate change and pollution. Humanity depends on healthy oceans.