Friday

23rd Apr 2021

Corona-hackers targeted EU officials with bogus emails

  • EU Commission HQ in Brussels: institutions are frequent target of state-sponsored attacks (Photo: European Commission)

Hackers, likely linked to a foreign state, have targeted the EU Commission with bogus emails to steal secrets on Covid-19 vaccines, according to US tech firm IBM.

The sting began in September 2020 and the "adversary impersonated a business executive from Haier Biomedical, a credible and legitimate member company of the Covid-19 vaccine supply chain and qualified supplier for the CCEOP programme," IBM said on Thursday (3 December).

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

  • Covid-19 vaccine is potential goldmine for malign actors (Photo: gsk.com)

Haier Biomedical is a Chinese firm that deals with refrigeration of vaccines in storage and transport.

The Cold Chain Equipment Optimisation Platform (CCEOP) is a UN-linked group in which private companies and public institutions work together to distribute drugs.

The fake executive, using the address yongbinxu@haierbiomedical.com, sent emails to people containing "malicious" links, which, when clicked, prompted the reader to disclose personal credentials.

Targets included EU officials in a commission department in Brussels dealing with customs and tax, who "could serve as a single point of compromise impacting multiple high-value targets across the 27 member states of the European Union and beyond," IBM said.

Targets also included staff in a German website-development company in the CCEOP, as well as other personnel in "sales, procurement, information technology, and finance positions" in "organisations within the energy, manufacturing, website creation, and software and internet security solutions" sectors in the Czech republic, Italy, and in what IBM called "greater Europe".

Organisations in South Korea and Taiwan also came under attack.

The idea was to use stolen information "to gain future unauthorised access to corporate networks and sensitive information relating to Covid-19 vaccine distribution," the US tech firm added.

IBM could not say who did it, but the signs "pointed to nation-state activity", it said.

The stolen data could also be "a hot black-market commodity", it added.

It was "unclear" if the attacks were successful, it noted.

But given that Haier Biomedical, the fake cover for the cyber-assaults, was so well-known in the vaccine-transport sector, it was probable "intended targets may engage with the inbound emails without questioning the sender's authenticity," IBM said.

The warning came as EU countries prepared to roll out massive corona-vaccination programmes in early 2021.

The EU has set aside €2 billion in its next budget to help defend commercial secrets in the single market from hackers, amid growing awareness of the threat.

EU institutions are frequently targeted by sophisticated villains.

"The majority of discovered, successful compromises of information in the GSC [general secretariat of the council] are from threat source level VERY HIGH (e.g. state-sponsored attacks)," according to an internal security document from the EU Council, which prepares member states' meetings in Brussels, seen by EUobserver.

'Scientific potential'

The EU, in July, stigmatised China, North Korea, and Russia as the world's worst culprits in its first-ever round of sanctions against cyber-crimes.

The UK, also in July, said Russian hackers had targeted Covid-19 researchers in Britain, Canada, and the US.

And China has been suspected of using more old-fashioned espionage to steal vaccine science in Belgium.

But speaking to EUobserver back in 2012, Alain Winants, the then head of the Belgian domestic intelligence service, the Dienst voor de Veiligheid van de Staat, said that, when it came to economic secrets, everybody was in on the act.

"It would be naive to think that only countries like Russia, China, Iran are spying [against the EU]," he said.

"There is one field where the difference between neutral, friendly, and unfriendly [intelligence] services tends to disappear and that's when you're talking about the protection of economic and scientific potential. In this case, I think every service is in competition with the others," Winants said.

Interview

Lithuania bids to host EU cyber-centre

Lithuania wants a new EU cyber-security centre to hang its flag in a historic TV tower in Vilnius, on one of Europe's modern front lines.

Cybercrime rises during coronavirus pandemic

Cybercrime and cyberattacks have increased due to the coronavirus outbreak. As a result, the World Health Organization, hospitals and research centres are being targeted by organised cybercriminals - searching for information, intelligence, and systems access.

Feature

Italy's mafias - boosted by Covid, now eyeing EU's billions

Italy's various mafias are allegedly exploiting the chaos caused by the Covid-19 emergency to infiltrate even deeper into sectors where they are already present, such as healthcare, mortuary services, and waste disposal (both medical and non-medical).

News in Brief

  1. Putin's troops march back again from Ukraine border
  2. German business favours Greens candidate to succeed Merkel
  3. 2020 was Europe's hottest year on record: EU scientists
  4. Germany: Bosnia plan put into 'shredder of history'
  5. Czech Republic to expel more Russian diplomats
  6. Over 120 people feared dead after Libya shipwreck
  7. Biden: US will cut emissions by 50 percent by 2030
  8. Golden backdoor to EU exposed in Malta

Stakeholders' Highlights

  1. Nordic Council of MinistersDigitalisation can help us pick up the green pace
  2. Nordic Council of MinistersCOVID19 is a wake-up call in the fight against antibiotic resistance
  3. Nordic Council of MinistersThe Nordic Region can and should play a leading role in Europe’s digital development
  4. Nordic Council of MinistersNordic Council to host EU webinars on energy, digitalisation and antibiotic resistance
  5. UNESDAEU Code of Conduct can showcase PPPs delivering healthier more sustainable society
  6. Nordic Council of MinistersWomen benefit in the digitalised labour market

Latest News

  1. EU mulls legal action against AstraZeneca over shortfalls
  2. Palestinian PM demands EU pressure Israel on elections
  3. New Bauhaus contest kicks off to inspire green projects
  4. Albania's election: what is at stake?
  5. Football's 'Super League' - an own-goal for EU soft power
  6. Chemical-weapons vote reveals 'friends of Syria' axis
  7. Russia should pay 'costs' for Czech attack, US says
  8. Merkel 'open' to EU treaty change on health

Join EUobserver

Support quality EU news

Join us