Chinese hackers targeting Indian vaccine-makers, firm alleges

Attacks directed at IT infrastructure and supply chain, says cyber intelligence firm

The issue of Chinese hackers has returned to the forefront in India, with allegations of their attempts to infiltrate the IT systems at two Indian vaccine-makers and their involvement in a power outage in Mumbai last year.

Researchers from Cyfirma, a cyber intelligence firm, said they had uncovered how Chinese hacking group APT10 had been targeting the IT infrastructure and supply chain of the Serum Institute of India, the world's largest vaccine-maker, which manufactures the AstraZeneca vaccine, and Bharat Biotech, the indigenous vaccine-maker.

India has given emergency approval to both manufacturers to supply the country's needs for its vaccination programme, which is among the largest in the world.

Cyfirma said it found that India's vaccine research had attracted the attention of Chinese state-sponsored threat actors "whose intentions are to tarnish India's reputation as well as to disrupt her national vaccination effort".

The firm said it did not know the exact date of the attacks but said evidence from hackers' communities and forums pointed to the efforts already starting against the two companies. "Nations are not holding back in their attempts to win the vaccine race as we are seeing unprecedented levels of cyber activities," said Cyfirma founder and chief executive Kumar Ritesh.

"State-sponsored hackers are making inroads to disrupt vaccine distribution, steal research intellectual property, all in their efforts to create a competitive advantage for their countries."

They were looking for "medicine chemical combination, sensitive database, customer information for geopolitical and competitive advantage", among other things, he said.

In 2018, the United States Department of Justice said that APT10 had acted in association with the Chinese Ministry of State Security.

The claim of alleged hacking attempts coincides with efforts by India and China to defuse tensions along the border where a stand-off between forces on both sides disrupted ties. The two countries have since moved forward on disengaging their forces at different points on the border. The violent clash last June led to a build-up of troops and weaponry by both sides.

Both countries have also been at the forefront of vaccine diplomacy. India has given millions of doses of its home-made vaccine to its immediate neighbours and also supplied them to other countries, including through Covax, a global scheme to procure and distribute Covid-19 vaccines for free to poorer countries.

Similarly, China has been distributing vaccines to 45 countries.

The Cyfirma allegation of Chinese hacking attempts followed another report by The New York Times on Sunday that a power outage in Mumbai in October was part of a Chinese cyber campaign against India's power grid.

Quoting a report by Recorded Future, a US-based company, the major US daily linked the cyber attack to the border troubles, saying that it could have been a warning to India of the cost of escalating the row.

The power outage in Mumbai, which is India's financial capital, affected millions. Suburban train services in the metropolis were at a standstill for over two hours, traffic signals stopped working and water supply to some parts was affected.

Federal Power Minister R.K. Singh denied that the power outage was due to hacking, telling Indian news agency Asian News International that it was caused by "human error and not due to cyber attack". He said teams that investigated the outage found a cyber attack did take place but it was not linked to the grid failure.

But Mr Anil Deshmukh, Home Minister for the state of Maharashtra, where Mumbai is, described the outage as a cyber sabotage attempt.

In response to a query on some Indian media's quoting Western media as saying Chinese hackers may have launched cyber attacks on India's power system, ports and two vaccine companies, the Chinese Embassy in India said yesterday: "The relevant allegations are pure rumours and slanders."

"It is highly irresponsible to accuse a particular party when there is no evidence. China is firmly opposed to such irresponsible and ill-intentioned practice," a spokesman said.

Analysts say the latest reports of alleged Chinese hacking will intensify the major trust deficit between the two countries, though India has been aware of earlier instances of Chinese hacking and threats.

"Industrial and military espionage is done by many countries," said Professor Srikanth Kondapalli, a China expert at Jawaharlal Nehru University. "In this case mistrust at the popular level increases. Already popular opinion was against China following the border troubles. Therefore, there is also no forward momentum in the relationship. Mutual mistrust continues and these incidents reinforce that."

A version of this article appeared in the print edition of The Straits Times on March 03, 2021, with the headline 'Chinese hackers targeting Indian vaccine-makers, firm alleges'.