Cyber Incident Victim: Serum Institute of India

Date: Feb 2021

Location: India

Summary

A Chinese state-backed hacking group, identified as APT10 (Stone Panda), targeted the IT systems of two major Indian vaccine manufacturers, including the Serum Institute of India, aiming to exploit vulnerabilities in their infrastructure and supply chain software. The attackers sought to exfiltrate intellectual property to gain competitive advantage, focusing on weak web servers, applications, and content management systems within the targeted organizations. The campaign highlighted risks to critical healthcare infrastructure during global vaccine distribution efforts, though no confirmed data breaches or operational disruptions were reported by the firms. Cybersecurity analysts attributed the activity to espionage motives aligned with China's strategic interests in the pharmaceutical sector.

Description

In early 2021, the Serum Institute of India (SII) and Bharat Biotech, two leading Indian COVID-19 vaccine manufacturers, were targeted by advanced cyber espionage activities attributed to the Chinese state-backed hacking group APT10 (also known as Stone Panda). Singapore- and Tokyo-based cybersecurity firm Cyfirma identified the campaign in the weeks prior to March 2021, revealing that attackers had systematically probed both organizations' IT infrastructure for vulnerabilities. The hackers specifically focused on weaknesses in supply chain software and public-facing systems, with Cyfirma CEO Kumar Ritesh confirming they discovered vulnerable web servers, inadequate web applications, and insecure content-management systems at SII. This targeting occurred while SII was producing AstraZeneca vaccines for global distribution and preparing to manufacture Novavax shots, and while Bharat Biotech was producing its COVAXIN vaccine. Cyfirma assessed the primary objective as intellectual property theft to gain competitive advantage in the pharmaceutical sector, which is particularly significant given India's position as the producer of over 60% of global vaccines. The firm shared its findings with India's Computer Emergency Response Team (CERT), though no immediate official response was documented.

The incident carried substantial implications for global vaccine supply chains and geopolitical tensions, occurring amid both nations' COVID-19 vaccine diplomacy efforts. Neither SII nor Bharat Biotech publicly acknowledged breaches or disclosed operational impacts, maintaining a policy of declining media comment. China's foreign ministry did not respond to Reuters' requests for comment regarding the attribution. The targeting highlighted critical infrastructure risks within pharmaceutical supply chains, particularly for organizations managing temperature-sensitive vaccine logistics. While no data exfiltration was explicitly confirmed, the attempted compromise of systems at the world's largest vaccine manufacturer raised concerns about potential disruptions to vaccine production timelines and unauthorized access to proprietary manufacturing processes. The absence of public containment measures or technical mitigations from the affected organizations left the operational status of vulnerabilities unresolved in available reporting.