Cyber Incident Victim: Bharat Biotech
Date:
Feb 2021
Location:
India
Summary
A Chinese state-backed hacking group targeted the IT systems of an Indian COVID-19 vaccine manufacturer, Bharat Biotech, along with another domestic firm producing shots for the national immunization effort. The cyberespionage campaign, identified by a security firm, aimed at organizations critical to the country's pandemic response, though specific operational disruptions or data breaches were not detailed in the report.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In early 2021, a Chinese state-backed hacking group targeted the IT systems of Bharat Biotech and the Serum Institute of India (SII), two prominent Indian pharmaceutical companies involved in COVID-19 vaccine production. The cyber espionage campaign, identified by cybersecurity firm Cyfirma and reported by Reuters in March 2021, occurred in recent weeks prior to the report’s publication, placing the activity around February 2021. The attackers employed spear-phishing techniques to infiltrate the companies’ networks, aiming to steal intellectual property and sensitive data related to vaccine development, manufacturing processes, and supply chain operations. This targeting aligned with broader geopolitical interests in disrupting or gaining strategic advantages in global vaccine distribution during the pandemic. The incident reflected a pattern of state-sponsored cyber operations against healthcare and pharmaceutical entities engaged in COVID-19 response efforts worldwide.
Cyfirma’s disclosure highlighted the operational focus on extracting intelligence about India’s domestic immunization program, which relied heavily on vaccines produced by these manufacturers. The security firm attributed the campaign to a known Chinese advanced persistent threat (APT) group but did not publicly name the specific actor. While the article did not confirm whether the attacks resulted in confirmed data exfiltration or system compromises, the targeting alone underscored the elevated cybersecurity risks faced by critical healthcare infrastructure during the pandemic. Bharat Biotech’s involvement as a developer of Covaxin, one of India’s primary COVID-19 vaccines, made it a high-value target for adversaries seeking proprietary information. The incident prompted increased scrutiny of network defenses within the pharmaceutical sector, though specific containment measures or technical responses by the affected organizations were not detailed in the available reporting. Cybersecurity authorities and industry partners likely intensified monitoring for similar threats following the disclosure.