
Russian, Chinese hacking groups target pharma companies for Covid-19 data

Singapore-based cyber intelligence firm Cyfirma says 15 active hacking campaigns are underway; US, UK and Japan among a slew of other nations also on cybercriminals' target list

BS Reporter Mumbai
Last Updated: Feb 26 2021 | 9:27 PM IST
Cybercriminals from Russia, China, Korea, and the Middle East have targeted pharmaceutical companies, hospitals, and government health departments in India to steal Covid-19 related data. Singapore-based threat discovery and cyber intelligence company Cyfirma said that 15 active hacking campaigns are underway, carried out by seven Russian groups, four Chinese groups, three Korean groups and one from Iran.

Other than India, these groups are targeting countries like the US, UK, Japan, Australia, Italy, South Korea, Germany, Spain, Brazil and Mexico.

Since last year, CY2020, cyber attacks against corporations have increased in general, as the change in the nature of work (work from home) has increased vulnerabilities in corporate security systems. “In the last six months we have seen a lot of attention shifting to the healthcare segment. However, now we are seeing a clear trend of state-sponsored hacking groups targeting hospitals, supply chain, pharma companies to steal data related to clinical trials and anything related to Covid-19,” said Kumar Ritesh, Founder and CEO, Cyfirma.

Some of the hacking groups include Russia’s APT29. One of the campaigns they are running is called “cold unseco33”; it has been active since October 2020 and targets global pharma companies, hospitals working on Covid-19, and approving authorities in the USA, UK, India, Japan, Korea, Spain and Brazil. “Their motivation is exfiltration of sensitive personal, clinical trial information, health care report, customer information, medical product information for geopolitical and financial gain and reputation damage. What is interesting to note is that we see the names of the targets being discussed openly in the dark web,” said Ritesh.

Some of the pharma companies and hospitals that are on the target list include Divi’s Labs, Sanofi, Dr Reddy’s labs, Abbott India, Torrent Pharma, All India Medical Sciences among others.

The Chinese hacking group APT10, which has been active since June 2020, has become very active in the recent past. “The trend that we see is that earlier hacking was for financial gains; while it remains so even now, some of the intentions are to malign India’s effort in the vaccine creation and distribution. The Chinese hacking groups are more into smearing the Indian pharma companies’ reputation globally and the global endorsement that India has achieved as the vaccine provider to the world,” added Ritesh.

Indian pharma companies like Dr Reddy’s Laboratories and Lupin reported instances of cyber attacks last year. In fact, Dr Reddy’s Labs had to isolate its data centres after being hit by cyber attacks.

Cyfirma has been advising companies that, with the threat landscape changing, they need to assess their security systems. “I would advise companies to go back and look at the attack platforms and figure out how exposed they are. Two, look at embedding cyber intelligence security into the systems and elevate their monitoring measures. And more importantly, all the clinical trial and vaccine related documents should be encrypted,” said Ritesh.


• Govt agencies in charge of approving vaccine, medicine and related appliance
• Vaccine development and implementation tracking systems
• Clinical trial information
• Hospital operating details, employee and patient information
• Government health department and demographic details
• Medical devices and appliance design and architecture
