{
	"id": "e4c25193-625e-465a-97d6-857560141b3a",
	"created_at": "2026-04-06T00:17:41.40802Z",
	"updated_at": "2026-04-10T03:33:45.908542Z",
	"deleted_at": null,
	"sha1_hash": "7a02b5df3791b72b6f082e48459f1dd1ea31d52e",
	"title": "Chinese hackers target Indian vaccine makers SII, Bharat Biotech, says security firm",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 36614,
	"plain_text": "Chinese hackers target Indian vaccine makers SII, Bharat Biotech,\r\nsays security firm\r\nBy Reuters\r\nPublished: 2021-03-01 · Archived: 2026-04-05 13:00:50 UTC\r\nChina and India have both sold or gifted COVID-19 shots to many countries.\r\nA Chinese state-backed hacking group has in recent weeks targeted the IT systems of two Indian vaccine makers\r\nwhose coronavirus shots are being used in the country's immunisation campaign, cyber intelligence firm Cyfirma\r\ntold Reuters.\r\nChina and India have both sold or gifted COVID-19 shots to many countries. India produces more than 60 percent\r\nof all vaccines sold in the world.\r\nGoldman Sachs-backed Cyfirma, based in Singapore and Tokyo, said Chinese hacking group APT10, also known\r\nas Stone Panda, had identified gaps and vulnerabilities in the IT infrastructure and supply chain software of Bharat\r\nBiotech and the Serum Institute of India (SII), the world's largest vaccine maker.\r\n\"The real motivation here is actually exfiltrating intellectual property and getting a competitive advantage over\r\nIndian pharmaceutical companies,\" said Cyfirma Chief Executive Kumar Ritesh, formerly a top cyber official\r\nwith British foreign intelligence agency MI6.\r\nHe said APT10 was actively targeting SII, which is making the AstraZeneca vaccine for many countries and will\r\nsoon start bulk-manufacturing Novavax shots.\r\n\"In the case of Serum Institute, they have found a number of their public servers running weak web servers, these\r\nare vulnerable web servers,\" Ritesh said, referring to the hackers.\r\n\"They have spoken about the weak web application, they are also talking about the weak content-management\r\nsystem. It's quite alarming.\"\r\nChina's foreign ministry did not immediately reply to a request for comment.\r\nSII and Bharat Biotech declined to comment. 
The government-run Indian Computer Emergency Response Team,\r\nwith whom Cyfirma said it had shared its findings, had no immediate comment.\r\nThe US Department of Justice said in 2018 that APT10 had acted in association with the Chinese Ministry of State\r\nSecurity.\r\nMicrosoft had said in November that it had detected cyber-attacks from Russia and North Korea targeting\r\nCOVID-19 vaccine companies in India, Canada, France, South Korea and the United States. North Korean\r\nhackers also tried to break into the systems of British drugmaker AstraZeneca, Reuters has reported.\r\nRitesh, whose firm follows the activities of some 750 cybercriminals and monitors nearly 2,000 hacking\r\ncampaigns using a tool called decipher, said it was not yet clear what vaccine-related information APT10 may\r\nhave accessed from the Indian companies.\r\nBharat Biotech's COVAXIN shot, developed with the state-run Indian Council of Medical Research, will be\r\nexported to many countries, including Brazil.\r\nUS drugmaker Pfizer Inc and its German partner BioNTech SE said in December that documents related to the\r\ndevelopment of their COVID-19 vaccine had been \"unlawfully accessed\" in a cyberattack on Europe's medicines\r\nregulator.\r\nRelations between nuclear-armed neighbours China and India soured last June when 20 Indian and four Chinese\r\nsoldiers were killed in a Himalayan border fight. Recent talks have eased the tension.\r\nFirst Published: Mar 1, 2021 5:31 PM IST\r\nSource: https://www.cnbctv18.com/healthcare/chinese-hackers-target-indian-vaccine-makers-sii-bharat-biotech-says-security-firm-8461981.htm",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.cnbctv18.com/healthcare/chinese-hackers-target-indian-vaccine-makers-sii-bharat-biotech-says-security-firm-8461981.htm"
	],
	"report_names": [
		"chinese-hackers-target-indian-vaccine-makers-sii-bharat-biotech-says-security-firm-8461981.htm"
	],
	"threat_actors": [
		{
			"id": "ec14074c-8517-40e1-b4d7-3897f1254487",
			"created_at": "2023-01-06T13:46:38.300905Z",
			"updated_at": "2026-04-10T02:00:02.918468Z",
			"deleted_at": null,
			"main_name": "APT10",
			"aliases": [
				"Red Apollo",
				"HOGFISH",
				"BRONZE RIVERSIDE",
				"G0045",
				"TA429",
				"Purple Typhoon",
				"STONE PANDA",
				"Menupass Team",
				"happyyongzi",
				"CVNX",
				"Cloud Hopper",
				"ATK41",
				"Granite Taurus",
				"POTASSIUM"
			],
			"source_name": "MISPGALAXY:APT10",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "ba9fa308-a29a-4928-9c06-73aafec7624c",
			"created_at": "2024-05-01T02:03:07.981061Z",
			"updated_at": "2026-04-10T02:00:03.750803Z",
			"deleted_at": null,
			"main_name": "BRONZE RIVERSIDE",
			"aliases": [
				"APT10 ",
				"CTG-5938 ",
				"CVNX ",
				"Hogfish ",
				"MenuPass ",
				"MirrorFace ",
				"POTASSIUM ",
				"Purple Typhoon ",
				"Red Apollo ",
				"Stone Panda "
			],
			"source_name": "Secureworks:BRONZE RIVERSIDE",
			"tools": [
				"ANEL",
				"AsyncRAT",
				"ChChes",
				"Cobalt Strike",
				"HiddenFace",
				"LODEINFO",
				"PlugX",
				"PoisonIvy",
				"QuasarRAT",
				"QuasarRAT Loader",
				"RedLeaves"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "04b07437-41bb-4126-bcbb-def16f19d7c6",
			"created_at": "2022-10-25T16:07:24.232628Z",
			"updated_at": "2026-04-10T02:00:04.906097Z",
			"deleted_at": null,
			"main_name": "Stone Panda",
			"aliases": [
				"APT 10",
				"ATK 41",
				"Bronze Riverside",
				"CTG-5938",
				"CVNX",
				"Cuckoo Spear",
				"Earth Kasha",
				"G0045",
				"G0093",
				"Granite Taurus",
				"Happyyongzi",
				"Hogfish",
				"ITG01",
				"Operation A41APT",
				"Operation Cache Panda",
				"Operation ChessMaster",
				"Operation Cloud Hopper",
				"Operation Cuckoo Spear",
				"Operation New Battle",
				"Operation Soft Cell",
				"Operation TradeSecret",
				"Potassium",
				"Purple Typhoon",
				"Red Apollo",
				"Stone Panda",
				"TA429",
				"menuPass",
				"menuPass Team"
			],
			"source_name": "ETDA:Stone Panda",
			"tools": [
				"Agent.dhwf",
				"Agentemis",
				"Anel",
				"AngryRebel",
				"BKDR_EVILOGE",
				"BKDR_HGDER",
				"BKDR_NVICM",
				"BUGJUICE",
				"CHINACHOPPER",
				"ChChes",
				"China Chopper",
				"Chymine",
				"CinaRAT",
				"Cobalt Strike",
				"CobaltStrike",
				"DARKTOWN",
				"DESLoader",
				"DILLJUICE",
				"DILLWEED",
				"Darkmoon",
				"DelfsCake",
				"Derusbi",
				"Destroy RAT",
				"DestroyRAT",
				"Ecipekac",
				"Emdivi",
				"EvilGrab",
				"EvilGrab RAT",
				"FYAnti",
				"Farfli",
				"Gen:Trojan.Heur.PT",
				"Gh0st RAT",
				"Ghost RAT",
				"GreetCake",
				"HAYMAKER",
				"HEAVYHAND",
				"HEAVYPOT",
				"HTran",
				"HUC Packet Transmit Tool",
				"Ham Backdoor",
				"HiddenFace",
				"Impacket",
				"Invoke the Hash",
				"KABOB",
				"Kaba",
				"Korplug",
				"LODEINFO",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"MiS-Type",
				"Mimikatz",
				"Moudour",
				"Mydoor",
				"NBTscan",
				"NOOPDOOR",
				"Newsripper",
				"P8RAT",
				"PCRat",
				"PlugX",
				"Poison Ivy",
				"Poldat",
				"PowerSploit",
				"PowerView",
				"PsExec",
				"PsList",
				"Quarks PwDump",
				"Quasar RAT",
				"QuasarRAT",
				"RedDelta",
				"RedLeaves",
				"Rubeus",
				"SNUGRIDE",
				"SPIVY",
				"SharpSploit",
				"SigLoader",
				"SinoChopper",
				"SodaMaster",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"Trochilus RAT",
				"UpperCut",
				"Vidgrab",
				"WinRAR",
				"WmiExec",
				"Wmonder",
				"Xamtrav",
				"Yggdrasil",
				"Zlib",
				"certutil",
				"certutil.exe",
				"cobeacon",
				"dfls",
				"lena",
				"nbtscan",
				"pivy",
				"poisonivy",
				"pwdump"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "ba3fff0c-3ba0-4855-9eeb-1af9ee18136a",
			"created_at": "2022-10-25T15:50:23.298889Z",
			"updated_at": "2026-04-10T02:00:05.316886Z",
			"deleted_at": null,
			"main_name": "menuPass",
			"aliases": [
				"menuPass",
				"POTASSIUM",
				"Stone Panda",
				"APT10",
				"Red Apollo",
				"CVNX",
				"HOGFISH",
				"BRONZE RIVERSIDE"
			],
			"source_name": "MITRE:menuPass",
			"tools": [
				"certutil",
				"FYAnti",
				"UPPERCUT",
				"SNUGRIDE",
				"P8RAT",
				"RedLeaves",
				"SodaMaster",
				"pwdump",
				"Mimikatz",
				"PlugX",
				"PowerSploit",
				"ChChes",
				"cmd",
				"QuasarRAT",
				"AdFind",
				"Cobalt Strike",
				"PoisonIvy",
				"EvilGrab",
				"esentutl",
				"Impacket",
				"Ecipekac",
				"PsExec",
				"HUI Loader"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434661,
	"ts_updated_at": 1775792025,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7a02b5df3791b72b6f082e48459f1dd1ea31d52e.pdf",
		"text": "https://archive.orkl.eu/7a02b5df3791b72b6f082e48459f1dd1ea31d52e.txt",
		"img": "https://archive.orkl.eu/7a02b5df3791b72b6f082e48459f1dd1ea31d52e.jpg"
	}
}