With vaccines for COVID-19 being deployed worldwide, threat actors are targeting the data surrounding it. The European Medicines Agency (EMA) announced some data from Pfizer and BioNTech has been stolen and leaked in a cyberattack after an investigation was launched in December.

Documents relating to regulatory standards for Pfizer and BioNTech’s vaccine candidates were confirmed to be accessed during a breach. The documents were stolen from storage on the European Medicines Agency’s server. In response to the attack, the EMA said in a statement, “necessary action is being taken by the law-enforcement authorities.”

The EMA has not disclosed any specific details such as indicators of compromise (IoCs) or the exact time the attack occurred but are contacting “additional entities and individuals whose documents and personal data may have been subject to unauthorized access.”

Fortunately, this attack did not affect any operations relating to the approval of vaccines or rollouts. The data stolen was connected to the BNT162b2 vaccine which has already been distributed throughout the U.K. and will be distributed to other countries in the future.

Among threat actors, EMA can be considered a tough target to infiltrate. The motive behind the attack could purely be displaying their infiltration skills. On the other hand, the data’s worth is increasing daily as it could be used in development of vaccines in countries other than those where it’s being developed.

Recently, we observed a North Korean APT looking to obtain COVID-19 information and it was evident they were looking to advance their vaccine development because their usual attack pattern was aimed toward more financially beneficial targets.

SpearTip’s cyber professionals are continuously monitoring client environments 24/7 in our US based Security Operations Center. To keep your sensitive data protected, invest in a firm like SpearTip with helpful tools such as ShadowSpear®. ShadowSpear® is our proprietary tool that allows our partners full transparency on their risk profile while stopping threats in their tracks.