Cyber Incident Victim: Regeneron Pharmaceuticals
Date: Jan 2021
Location: United States of America
Summary
A fraudulent domain impersonating Regeneron Pharmaceuticals' official site was seized by US authorities. The site falsely advertised the company's COVID-19 antibody treatment while harvesting visitors' personal information for malicious activities including fraud, phishing, and malware deployment. The seizure was part of broader enforcement actions against multiple domains impersonating legitimate vaccine developers, which together prevented further criminal exploitation of pandemic-related public health efforts. The operation disrupted schemes that sought to capitalize on vaccine distribution; authorities emphasized that legitimate vaccines are provided free of charge and pursued legal action against pandemic-related fraud, which had already caused significant financial losses globally.
Description
In early 2021, the US Department of Justice seized multiple domains linked to fraudulent COVID-19 vaccine operations, including one impersonating Regeneron Pharmaceuticals. The domain in question falsely advertised the sale of Regeneron's REGEN-COV2 antibody-drug cocktail, which had received FDA emergency authorization in November 2020. Rather than offering legitimate pharmaceutical services, the site harvested visitors' personal information for criminal purposes such as identity fraud, phishing campaigns, and potential malware distribution. This seizure occurred on March 9, 2021, marking the fifth such domain confiscation since December 2020. Previous seizures included regeneronmedicals.com (taken December 18, 2020), modernatx.com (December 18, 2020), modernatx.shop (January 15, 2021), and remdesivirmx.com (March 1, 2021). All impersonated legitimate biotech companies involved in COVID-19 therapeutics. Visitors to the seized Regeneron-impersonating domain were redirected to a federal notice confirming the government action.

The fraudulent activities formed part of a broader pattern of COVID-19-related cybercrime that caused over $365 million in losses, according to FTC data. Threat actors targeted vaccine research organizations through coordinated campaigns, which were attributed to Chinese and Russian state-sponsored groups such as APT29. The domain seizures prevented further collection of personal data and disrupted potential follow-on crimes. Acting US Attorney Jonathan F. Lenzner publicly emphasized that COVID-19 vaccines were being distributed free of charge, reinforcing official communications to counter criminal misinformation. Microsoft concurrently executed takedowns of additional pandemic-related malicious domains. While the exact number of victims affected by the Regeneron-domain fraud remains unspecified, the operation demonstrated ongoing public-private efforts to combat cyber exploitation during the health crisis.
