The Limited Times


Russian hackers said to have been in the Ema system for weeks

2021-03-07T08:28:41.961Z


At the end of 2020, the EU Medicines Agency announced that it had been the victim of a cyber attack. Biontech documents were also accessed. A Dutch newspaper now provides new details.



EU drug agency Ema: Russian hackers are said to be behind a cyber attack on the agency that was made public in December

Photo: LEX VAN LIESHOUT / AFP

Who hacked the drug agency Ema, which is testing corona vaccines in the EU?

And what was the aim of the attacker(s)?

These questions have been discussed since mid-December.

At that time, the agency made public that it was the focus of a cyber attack.

However, it did not reveal any details.

Finally, it became known through the media that the hackers gained access to vaccine documents from the Mainz company Biontech during their attack.

A few days later, the Ema itself said that "a limited number of documents belonging to third parties had been illegally viewed".

The Dutch newspaper "de Volkskrant" has now published a major investigative report on the case, based on unnamed sources connected to the investigation.

According to its information, it was apparently Russian hackers who first managed to gain insight into Ema's e-mail traffic by means of forged e-mails in the fall.

Via the e-mails into the system

In those emails, the attackers at some point came across a message that was supposed to activate two-factor authentication for a new user, it is said.

The hackers used this discovery to connect their own device to the Ema system.

Due to a certain technical setting, it was now possible for both the actual new user and the hacker to log in.

That weak point in the security system thus had serious consequences.

After their successful penetration, the hackers are said to have had unnoticed access to the drug authority's system for weeks, even more than a month, writes "de Volkskrant".

As its sources told the newspaper, the attackers are said to have been less interested in the vaccines themselves from companies such as Biontech.

Rather, they wanted to know which countries are buying them and in what quantities, it is said.

"Classic industrial espionage," one of the sources is quoted as saying.

In the course of the attack, internal Ema documents ended up online, including compiled excerpts of captured emails.

This could be part of a disinformation campaign aimed at undermining trust in Ema, the EU or the safety of vaccines.

However, the insiders suspect that the leak was not the main target of the action.

The article suggests that the Russian hackers were more interested in the European vaccine strategy.

The focus would make sense insofar as Russia has developed Sputnik V, its own vaccine, which it also offers to other countries.

Allegedly just one of two major incidents

As early as December, there were indications from investigators that state actors could be behind the attack.

At the time, however, it was said that it was still unclear which state could be responsible for the attack.

Another serious cyber attack on Ema is said to have already occurred in spring 2020, writes "de Volkskrant": According to some sources, Chinese spies gained access to the Ema system via an attack on a German university.

The exact extent of that attack is unclear, however, and Ema itself denies the incident.

The drug authority has not yet commented on the details that "de Volkskrant" has now published on the alleged Russian attack.

A SPIEGEL request on the subject went unanswered on Saturday.

Meanwhile, the agency only confirmed to Reuters news agency that criminal investigations into the hack continue, in which Ema itself was also involved.

The Russian Foreign Ministry has not yet commented to Reuters on the allegations that the attackers were working on behalf of Russia.

Moscow regularly denies involvement in hacker attacks.

Incidentally, the Ema hack is said to have been exposed after a few weeks when a system manager at the authority checked so-called log data.

He noticed that a certain employee regularly logged into the network outside of office hours, it is said.
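
The two signals described in the article, a second device enrolled for two-factor authentication on one account and regular logins outside office hours, can both be checked from authentication logs. The following is an added example, not part of the original article and not Ema's tooling; the log format, user and device names, office hours and threshold are all assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log: ISO timestamp, user, MFA device id, result.
SAMPLE_LOG = """\
2020-11-02T09:14:05 jdoe dev-a1 OK
2020-11-02T23:41:10 jdoe dev-z9 OK
2020-11-03T10:02:33 asmith dev-b2 OK
2020-11-04T02:17:48 jdoe dev-z9 OK
2020-11-07T13:05:12 jdoe dev-z9 OK
2020-11-09T19:45:00 asmith dev-b2 OK
2020-11-10T03:00:01 mlee dev-c3 FAIL
"""

OFFICE_START, OFFICE_END = 8, 18   # assumed office hours, local time
MIN_OFF_HOURS_DAYS = 3             # assumed threshold for "regularly"


def is_off_hours(ts):
    """True on weekends or outside OFFICE_START..OFFICE_END on weekdays."""
    return ts.weekday() >= 5 or not (OFFICE_START <= ts.hour < OFFICE_END)


def analyze(log_text):
    """Return {user: [reasons]} for accounts that warrant review."""
    off_days = defaultdict(set)    # user -> dates with off-hours logins
    devices = defaultdict(set)     # user -> MFA devices seen on success
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "OK":
            continue               # skip malformed lines and failed logins
        ts = datetime.fromisoformat(parts[0])
        user, device = parts[1], parts[2]
        devices[user].add(device)
        if is_off_hours(ts):
            off_days[user].add(ts.date())
    findings = {}
    for user in devices:
        reasons = []
        if len(off_days[user]) >= MIN_OFF_HOURS_DAYS:
            reasons.append("regular off-hours logins")
        if len(devices[user]) > 1:
            reasons.append("multiple MFA devices")
        if reasons:
            findings[user] = reasons
    return findings

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A single late login, as for the constructed user asmith, stays below the threshold; only the account that combines repeated off-hours activity with a second device is reported.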


mbö

Source: spiegel
