A hacking group backed by China has been targeting the systems of Indian vaccine manufacturers Serum Institute and Bharat Biotech in recent weeks, Reuters reported on Monday, citing cyber-intelligence company Cyfirma. Vaccines made by the two firms are being used in India’s massive inoculation drive.

The firm’s Chief Executive Kumar Ritesh told the news agency that China’s real motive was “exfiltrating intellectual property and getting competitive advantage over Indian pharmaceutical companies.”

Cyfirma, which is based in Tokyo, Japan, said the hacking group, known as "APT10" or Stone Panda, had identified certain gaps in the vaccine makers' supply chain software and Information Technology systems.

“In the case of Serum Institute, they [the hackers] have found a number of their public servers running weak web servers, these are vulnerable web servers,” Cyfirma’s chief executive was quoted as saying by Reuters. “They have spoken about weak web application, they are also talking about weak content-management system. It’s quite alarming.”

Cyfirma said it informed India’s Computer Emergency Response Team about China’s cyber intrusion, and the agency acknowledged the threat. CERT functions under the Ministry of Electronics and Information Technology. “They [the agency] checked and they came back,” Cyfirma said. “Our technical analysis and evaluation verified the threats and attacks.”

The office of CERT’s director-general told Reuters that the matter was handed over to Operations Director SS Sarma. However, the official refused to give any details to the media. The Chinese government and the two vaccine makers have also not yet responded to Cyfirma’s findings.

The Mumbai blackout

There is also other evidence of Chinese cyber intrusion in India. A report released by a United States private cybersecurity firm last week suggested that a Chinese cyber campaign targeted India's power grid, months after the Galwan Valley clash in June, in which soldiers from both countries were killed.

Recorded Future’s report raised questions about a possible link between the clash and a power blackout that brought India’s financial capital Mumbai to a standstill in October. However, investigators have not been able to substantiate this link.

The report identified 10 Indian power sector organisations, including four of the five Regional Load Despatch Centres, as the targets of a “concerted campaign” against India’s critical infrastructure.

Recorded Future’s Chief Operating Officer Stuart Solomon told The New York Times that the Chinese group had been seen to systematically use advanced cyber intrusion techniques to “quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure”.

The Ministry of Power confirmed that it was aware of the Chinese cyber campaign, but said it had no impact on the operation of Power System Operation Corporation. “No data breach/data loss has been detected due to these incidents,” the ministry added.

Meanwhile, Maharashtra Energy Minister Nitin Raut said that the state government, the Maharashtra Electricity Regulatory Commission and the Central Electricity Authority had set up separate committees to investigate the cause of the power outage in Mumbai, and that their reports have been received.