Chinese hackers targeting Indian vaccine makers, alleges cyber intelligence firm

The claim of alleged hacking attempts coincides with efforts by India and China to defuse tensions along the border. ST PHOTO: KELVIN CHNG

NEW DELHI - The issue of Chinese hackers has returned to the forefront in India with allegations of their attempts to infiltrate the IT systems at two Indian vaccine makers and their involvement in a power outage in Mumbai last year.

Researchers from Cyfirma, a cyber intelligence firm, said it had uncovered how Chinese hacking group APT10 had been targeting the IT infrastructure and supply chain of the Serum Institute of India (SII), the world's largest vaccine maker manufacturing the AstraZeneca vaccine, and Bharat Biotech, the local vaccine maker.

India has given emergency approval to both manufacturers to supply the country's needs for its vaccination programme, which is among the largest undertaken in the world.

Cyfirma said it found that India's vaccine research had attracted the attention of Chinese state-sponsored threat actors "whose intentions are to tarnish India's reputation as well as to disrupt her national vaccination effort".

The firm said it did not know the exact date of the attacks but said evidence from hackers' communities and forums pointed to efforts against the two companies having already started.

"Nations are not holding back in their attempts to win the vaccine race as we are seeing unprecedented levels of cyber activities," said Mr Kumar Ritesh, the founder and chief executive officer of Cyfirma.

"State-sponsored hackers are making inroads to disrupt vaccine distribution, steal research intellectual property, all in their efforts to create a competitive advantage for their countries."

They were looking for "medicine chemical combination, sensitive database, customer information for geopolitical and competitive advantage", among others, he said.

In 2018, the US Department of Justice said that APT10 had acted in association with the Chinese Ministry of State Security.

The claim of alleged hacking attempts coincides with efforts by India and China to defuse tensions along the border where a stand-off between forces on both sides disrupted ties. The two countries have since moved forward on disengaging their forces at different points on the border. The violent clash last June led to a build-up of troops and weaponry by both sides.

The two countries have also both been at the forefront of vaccine diplomacy. India has given millions of doses of its home-made vaccine to its immediate neighbours, including Nepal, Bangladesh and the Maldives, in part to strengthen its influence in the face of growing Chinese involvement in South Asia.

It has also supplied to different countries around the world, including through Covax, a global scheme to procure and distribute Covid-19 vaccines free to poorer countries.

Similarly, China has been distributing vaccines to 45 countries.

The Cyfirma allegation of Chinese hacking attempts followed another report by the New York Times on Feb 28 that a power outage in Mumbai in October last year was part of a Chinese cyber campaign against India's power grid.

Quoting a report by Recorded Future, a US-based company, the major US daily linked the cyber attack to the border troubles, saying that it could have been a warning to India of the cost of escalating the border row.

The power outage in Mumbai, India's financial capital, affected millions, with suburban train services in the metropolis at a standstill for over two hours, traffic signals disrupted and water supply to some areas affected.

Federal Power Minister R.K. Singh denied that the power outage was due to hacking, telling Asian News International, an Indian news agency, it was caused by "human error and not due to cyber attack". He said teams that investigated the outage found a cyber attack did take place but it was not linked to the grid failure.

But Mr Anil Deshmukh, the Home Minister for the state of Maharashtra, where Mumbai is situated, described the outage as a cyber-sabotage attempt.

In response to a query about some Indian media outlets quoting Western media as saying that Chinese hackers may have launched cyberattacks on India's power system, ports and two vaccine companies, the Chinese embassy in India on Tuesday said: "The relevant allegations are pure rumors and slanders."

"Cyberattacks are highly complicated and sensitive, and their origin is difficult to trace. Speculation and fabrication have no role to play on the issue of cyberattacks. It is highly irresponsible to accuse a particular party when there is no evidence," a spokesman for the Chinese embassy said. "China is firmly opposed to such irresponsible and ill-intentioned practice."

Analysts say the latest reports of alleged Chinese hacking will only intensify the massive trust deficit between the two countries, although India has been aware of earlier instances of Chinese hacking as well as threats.

A 2018 Indian government report found that 35 per cent of cyber attacks on official Indian websites were from China, followed by the US and Russia.

"Industrial and military espionage is done by many countries," said Professor Srikant Kondapalli, a China expert at Jawaharlal Nehru University.

"In this case, mistrust at the popular level increases. Already popular opinion was against China following the border troubles. As such, there is also no forward momentum in the relationship. Mutual mistrust continues and these incidents reinforce that."