Security News > 2021 > January > Hackers leaked altered Pfizer data to sabotage trust in vaccines
The European Medicines Agency today revealed that some of the stolen Pfizer/BioNTech vaccine candidate data was doctored by threat actors before being leaked online with the end goal of undermining the public's trust in COVID-19 vaccines.
EMA is the decentralized agency that reviews and approves COVID-19 vaccines in the European Union, and the agency that evaluates, monitors, and supervises any new medicines introduced to the EU. "The ongoing investigation of the cyberattack on EMA revealed that some of the unlawfully accessed documents related to COVID-19 medicines and vaccines have been leaked on the internet," the agency disclosed today.
BleepingComputer became aware of several threat actors leaking what they claimed to be the stolen EMA data on multiple hacker forums on December 31st. Several sources in the cybersecurity intelligence community told BleepingComputer that the leaked data archives included email screenshots, EMA peer review comments, as well as Word, PDF, PowerPoint documents.
Below is a screenshot of one of the data leaks seen by BleepingComputer at the time, linking to archives containing the altered documents stolen during the EMA attack.
As the screenshot shows, the intent of the threat actor behind the leak was to highlight that the Pfizer COVID-19 vaccine was fake, confirming EMA's disclosure that the leaked documents were manipulated with the purpose of weakening trust in the vaccines.
EMA also discovered that the data breach was limited to a single IT app, with the threat actors behind this attack primarily targeting data related to COVID-19 vaccines and medicines.