Friday

31st Mar 2023

Corona-hackers targeted EU officials with bogus emails

  • EU Commission HQ in Brussels: institutions are frequent target of state-sponsored attacks (Photo: European Commission)

Hackers, likely linked to a foreign state, have targeted the EU Commission with bogus emails to steal secrets on Covid-19 vaccines, according to US tech firm IBM.

The sting began in September 2020 and the "adversary impersonated a business executive from Haier Biomedical, a credible and legitimate member company of the Covid-19 vaccine supply chain and qualified supplier for the CCEOP programme," IBM said on Thursday (3 December).

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

  • Covid-19 vaccine is potential goldmine for malign actors (Photo: gsk.com)

Haier Biomedical is a Chinese firm that deals with refrigeration of vaccines in storage and transport.

The Cold Chain Equipment Optimisation Platform (CCEOP) is a UN-linked group in which private companies and public institutions work together to distribute drugs.

The fake executive, using the address yongbinxu@haierbiomedical.com, sent emails to people containing "malicious" links, which, when clicked, prompted the reader to disclose personal credentials.

Targets included EU officials in a commission department in Brussels dealing with customs and tax, who "could serve as a single point of compromise impacting multiple high-value targets across the 27 member states of the European Union and beyond," IBM said.

Targets also included staff in a German website-development company in the CCEOP, as well as other personnel in "sales, procurement, information technology, and finance positions" in "organisations within the energy, manufacturing, website creation, and software and internet security solutions" sectors in the Czech republic, Italy, and in what IBM called "greater Europe".

Organisations in South Korea and Taiwan also came under attack.

The idea was to use stolen information "to gain future unauthorised access to corporate networks and sensitive information relating to Covid-19 vaccine distribution," the US tech firm added.

IBM could not say who did it, but the signs "pointed to nation-state activity", it said.

The stolen data could also be "a hot black-market commodity", it added.

It was "unclear" if the attacks were successful, it noted.

But given that Haier Biomedical, the fake cover for the cyber-assaults, was so well-known in the vaccine-transport sector, it was probable "intended targets may engage with the inbound emails without questioning the sender's authenticity," IBM said.

The warning came as EU countries prepared to roll out massive corona-vaccination programmes in early 2021.

The EU has set aside €2 billion in its next budget to help defend commercial secrets in the single market from hackers, amid growing awareness of the threat.

EU institutions are frequently targeted by sophisticated villains.

"The majority of discovered, successful compromises of information in the GSC [general secretariat of the council] are from threat source level VERY HIGH (e.g. state-sponsored attacks)," according to an internal security document from the EU Council, which prepares member states' meetings in Brussels, seen by EUobserver.

'Scientific potential'

The EU, in July, stigmatised China, North Korea, and Russia as the world's worst culprits in its first-ever round of sanctions against cyber-crimes.

The UK, also in July, said Russian hackers had targeted Covid-19 researchers in Britain, Canada, and the US.

And China has been suspected of using more old-fashioned espionage to steal vaccine science in Belgium.

But speaking to EUobserver back in 2012, Alain Winants, the then head of the Belgian domestic intelligence service, the Dienst voor de Veiligheid van de Staat, said that, when it came to economic secrets, everybody was in on the act.

"It would be naive to think that only countries like Russia, China, Iran are spying [against the EU]," he said.

"There is one field where the difference between neutral, friendly, and unfriendly [intelligence] services tends to disappear and that's when you're talking about the protection of economic and scientific potential. In this case, I think every service is in competition with the others," Winants said.

Interview

Lithuania bids to host EU cyber-centre

Lithuania wants a new EU cyber-security centre to hang its flag in a historic TV tower in Vilnius, on one of Europe's modern front lines.

Cybercrime rises during coronavirus pandemic

Cybercrime and cyberattacks have increased due to the coronavirus outbreak. As a result, the World Health Organization, hospitals and research centres are being targeted by organised cybercriminals - searching for information, intelligence, and systems access.

Feature

Italy's mafias - boosted by Covid, now eyeing EU's billions

Italy's various mafias are allegedly exploiting the chaos caused by the Covid-19 emergency to infiltrate even deeper into sectors where they are already present, such as healthcare, mortuary services, and waste disposal (both medical and non-medical).

Opinion

Big Tech's attempt to water down the EU AI act revealed

The launch of ChatGPT has sparked a worldwide debate on Artificial Intelligence systems. Amidst Big Tech's proclamations that these AI systems will revolutionise our daily lives, the companies are engaged in a fierce lobbying battle to water-down regulations.

Latest News

  1. EU to press South Korea on arming Ukraine
  2. Aid agencies clam up in Congo sex-for-work scandal
  3. Ukraine — what's been destroyed so far, and who pays?
  4. EU sending anti-coup mission to Moldova in May
  5. Firms will have to reveal and close gender pay-gap
  6. Why do 83% of Albanians want to leave Albania?
  7. Police violence in rural French water demos sparks protests
  8. Work insecurity: the high cost of ultra-fast grocery deliveries

Stakeholders' Highlights

  1. EFBWWEFBWW calls for the EC to stop exploitation in subcontracting chains
  2. InformaConnecting Expert Industry-Leaders, Top Suppliers, and Inquiring Buyers all in one space - visit Battery Show Europe.
  3. EFBWWEFBWW and FIEC do not agree to any exemptions to mandatory prior notifications in construction
  4. Nordic Council of MinistersNordic and Baltic ways to prevent gender-based violence
  5. Nordic Council of MinistersCSW67: Economic gender equality now! Nordic ways to close the pension gap
  6. Nordic Council of MinistersCSW67: Pushing back the push-back - Nordic solutions to online gender-based violence

Join EUobserver

Support quality EU news

Join us