Hackers Behind EMA Cyberattack Manipulated Stolen Data to Sow Distrust in Covid-19 Vaccines

Hackers stole Pfizer-BioNTech COVID-19 vaccine trial data from EMA servers in December and leaked them on online forums, claiming they were defrauding people.

As the COVID-19 vaccine race was raging on, hackers — possibly state-backed — were targeting research institutes and pharmaceutical companies. Between March and December 2020, there were several cyberattacks on vaccine manufacturers including AstraZeneca, Pfizer Moderna among others. But as per the European Medicines Agency (EMA), a group of hackers was able to steal vaccine data from its servers and leak them online besides manipulating the documents.

The regulator had troves of data related to Pfizer-BioNTech's Coronavirus vaccine trials that hackers accessed in December 2020. The agency is responsible for authorizing medicines and vaccines in the 27-member European Union. Initially, the agency found that only one application was accessed by the hackers but following further investigation, it was found that hackers had access to multiple applications and they leaked the data on online forums.

Cyber attack
Hackers stole and manipulated Pfizer-BioNTech COVID-19 vaccine data accessed from the European Medicines Agency (representational image) Pixabay

As per the agency, hackers' primary motive was to spread mistrust in the vaccines. "This included internal/confidential email correspondence dating from November, relating to evaluation processes for COVID-19 vaccines. Some of the correspondence has been manipulated by the perpetrators prior to publication in a way which could undermine trust in vaccines," EMA added.

Vaccine Misinformation Campaign

While the investigators did not reveal what type of information was manipulated, cybersecurity experts said it was in the line of a state-backed misinformation campaign. Italian cybersecurity firm Yarix found a 33.4-megabyte file on an online forum titled "EMA_LEAKS" that said "Astonishing fraud! Evil Pfffizer! Fake vaccines!" After first appearing on December 30, the leaked documents from the cyberattack was then spread to other online forums.

The primary motive of the hackers was to sow distrust in the COVID-19 vaccine by leaking altered trial data Twitter/ NHS

The EMA said such altered documents being shared as leaked data could harm Europe's mass vaccination drive. Many European countries are currently witnessing a surge in the number of COVID-19 cases. However, a more worrying factor is misinformation related to vaccines. As Norway reported 23 deaths from the Pfizer-BioNTech COVID-19 vaccine, the data could be further altered to sow mistrust in the vaccine. As per Yarix, the hackers intended to cause significant damage to the reputation of both EMA and Pfizer.

"I fear this release has a significant potential of sowing distrust in the EMA process, the vaccines, and vaccination in Europe in general. While it is unclear as to who may be behind this operation, it is evident that someone determined allocated resources to it," cybersecurity expert Lukasz Olejnik told Associated Press.

Waning Trust in Vaccines

The primary concern here is the waning trust in vaccines. According to recent polls by Ipsos, France was one of the countries where mistrust in vaccines was growing. Only 40 percent of the French population said they would get the vaccine. While most of them were worried about the side effects, many were concerned about safety and efficacy as research and development of those were rushed due to public health emergency.

However, the EMA assured people that the vaccines were made available only after it was found safe and effective. It added that the vaccines were approved considering the devastating toll on EU citizens due to the pandemic.

"Amid the high infection rate in the EU, there is an urgent public health need to make vaccines available to EU citizens as soon as possible," it added.

Related topics : Cybersecurity Coronavirus