EU regulator: Hackers ‘manipulated’ stolen vaccine documents

LONDON (AP) – The European Union’s drug regulator said on Friday that COVID-19 vaccine documents stolen from its servers by hackers have been not only leaked to the web, but “manipulated”.

The European Medicines Agency (EMA) said that an ongoing investigation showed that hackers obtained emails and documents from November related to the evaluation of experimental coronavirus vaccines.

The agency, which regulates drugs and medicines across the 27-member EU, had troves of confidential COVID-19 data as part of its vaccine approval process.

“Some of the correspondence has been manipulated by the perpetrators prior to publication in a way which could undermine trust in vaccines,” the Netherlands-based agency said.

“We have seen that some of the correspondence has been published not in its integrity and original form and, or with, comments or additions by the perpetrators.”

The agency did not explain exactly what information was altered – but cybersecurity experts said such practices are typical of disinformation campaigns launched by governments.

Italian cybersecurity firm Yarix said it found the 33-megabyte leak on a well-known underground forum with the title “Astonishing fraud! Evil Pfffizer! Fake vaccines!” It was apparently first posted on December 30 and later appeared on other sites, including on the dark web, the company said on its website.

Yarix said “the intention behind the leak by cybercriminals is certain: to cause significant damage to the reputation and credibility of EMA and Pfizer”.

Cybersecurity consultant Lukasz Olejnik said he believed the intention was far more broad.

“I fear this release has a significant potential of sowing distrust in the EMA process, the vaccines, and vaccination in Europe in general,” he said.

“While it is unclear as to who may be behind this operation, it is evident that someone determined allocated resources to it.”