
South Korea claims North Koreans hacked Pfizer for COVID-19 vaccine data

“North Korea – Flag” The federal government issued an advisory on the Kimsuky APT group, tasked by the North Korean regime with a global intelligence-gathering mission. Photo by Roman Harak is licensed under CC BY-SA 2.0

The National Intelligence Service in South Korea told a prominent lawmaker Tuesday that the North Koreans tried to steal data on COVID-19 vaccines by hacking Pfizer, one of the leading manufacturers in the global vaccination effort.

As of late Tuesday, neither Pfizer nor BioNTech, its German partner, had released a public statement on the alleged attack.

In a conversation with reporters after a briefing by the South Korean National Intelligence Service, Ha Tae-keung, an opposition member of the parliamentary intelligence panel, said Pfizer was among those targeted in a cyberattack but gave no further specifics on the timing or success of the breach, according to Reuters, which first reported it.

The report comes after attempts late last year by suspected North Korean hackers to steal data from at least nine healthcare companies, such as Johnson & Johnson, Novavax and AstraZeneca. The vast majority of those companies are well known for their extensive COVID-19 vaccine research and production.

There's no question North Korea's capability and capacity for cyberattacks have increased, said Shawn Wallace, vice president of energy at IronNet Cybersecurity. The North Koreans have been running a broad campaign to obtain COVID-19 vaccine information for several months, he said. While it’s unknown what they intend to use the information for, Wallace said most of their campaigns are primarily motivated by profit or income for the regime.

“We have seen them run ransomware campaigns and steal crypto-currency most recently so perhaps they plan to sell it,” Wallace said. “Defenders have a real problem in that eventually they may fail to keep up as North Korea's hacking program continues to advance. Unless friendly nations band together to defend collectively, individual companies or countries will find themselves on the losing side of the equation.”

North Korea has become known for attacking high-value targets, mostly for financial gain – and there’s no more valuable target than the intellectual property behind a COVID-19 vaccine, said Dirk Schrader, global vice president at New Net Technologies. Vaccine R&D, production and distribution depend heavily on digital technology, such as genetic sequencers in labs, ICS devices at facilities, and AC controllers in cold storage, which makes the attack surface immensely large and diverse, he said.

“Essential controls should be in place to reduce this surface, reduce the vulnerability and monitor any change in these systems to identify that unwanted file being dropped to start the ransomware attack, or to detect that malicious change of a configuration setting,” Schrader said.
