North Korea accused of Pfizer Covid vaccine cyber attack

An apparent cyber attack on pharmaceutical company Pfizer was probably an attempt to steal Covid-19 vaccine information by North Korean state-backed actors, according to South Korea’s intelligence service, which briefed lawmakers during a closed-door session, says news agency Yonhap

National Assembly opposition member Ha Tae-keung revealed that Pfizer was among a number of organisations hacked recently, in remarks reviewed by Reuters.

“There were attempts to steal Covid vaccine and treatment technology during cyber attacks and Pfizer was hacked,” he said.

Ha gave no further indication of when the cyber attacks took place, or whether or not they were ultimately successful.

North Korea has reported no cases of Covid-19, although its borders remain closed in a national quarantine effort and, given the nature of the North Korean regime, it is highly improbable that Covid-19 is not present there.

The country is set to receive two million doses of the AstraZeneca/Oxford University vaccine later this year, via the Covax programme.

If South Korea’s intelligence is accurate, the attack on Pfizer is the latest in a string of cyber attacks by North Korea against organisations involved in the research and development of Covid-19 vaccines.

The attacks, which date back several months, appear to involve the use of spoofed logon pages for various online portals, which trick staffers at the target organisations into handing over their passwords.

Other nation state-backed actors have also targeted elements of the Covid-19 vaccine cold chain – part of the supply chain that deals with the preservation of vaccines. The Pfizer/BioNTech vaccine, for example, must be kept at -70°C to remain viable.

George Daglas, chief operating officer at security services firm Obrela, commented: “The Covid-19 vaccine is currently one of the most desired assets on the planet, so it is not surprising it is considered a cyber attack target.

“Pharmaceutical companies must take the necessary steps to protect not only their intellectual property but, more importantly, the vaccine production safety and their vaccine supply chain by enforcing rigorous cyber and physical security controls in every step of the production-supply lifecycle.

“It is also important for pharmaceutical companies to foster a security-aware culture among their staff, to effectively reduce the attackers’ likelihood of success when targeting staff as an entry point in the organisation.”

F-Secure chief research officer Mikko Hypponen said: “Nation state hacking is nothing new, and is something North Korea has a history of. In the past few years alone, North Korea has been held responsible for a number of cyber attacks causing disruption and financial losses on an unprecedented scale.

“We have to remember that North Korea is not a normal country. No other country in recent history has resorted to printing fake US dollars. No other country deploys ransomware to blackmail bitcoins from their victims. No other country hacks international banking networks in order to steal money. In that line of thinking, it wouldn’t be surprising for them to try to hack vaccine data either.”

It is not known whether the attack identified by the South Koreans is related to the December 2020 cyber attack on the European Medicines Agency in which documents relating to the Pfizer/BioNTech vaccine were stolen, and later leaked.

Pfizer has not yet issued any comment on the incident.