Chinese hackers accused of stealing information from Spanish centers working on Covid-19 vaccine

Intelligence service says computer systems have been repeatedly attacked in the health and pharmaceutical sectors, but China’s Foreign Ministry denies the claim

Investigadores del Centro Nacional de Biotecnología (CNB-CSIC)
Researchers at the National Biotechnology Institute in Spain.Luis Manuel Rivas

Chinese hackers have stolen information from Spanish research centers working on a Covid-19 vaccine, according to sources familiar with the situation.

The cyberattacks were conducted against Spain and several other countries competing to develop a coronavirus vaccine, said Paz Esteban, the head of Spain’s National Intelligence Center (CNI).

The CNI director said that “sensitive sectors such as health and pharmaceutics” had been targeted, and that there has been “a particularly virulent campaign, and not just in Spain, against laboratories working on a vaccine for Covid-19.”

Most of these attacks came from China and Russia, according to sources consulted by this newspaper. In many cases they originated in state agencies, but there were also universities and criminal organizations seeking to cash in on the stolen information.

The cyberattack against Spanish research labs came from China, according to these sources, who declined to reveal the nature or relevance of the stolen information.

But Chinese officials on Friday denied the veracity of the claim. “China’s research and development on vaccines against Covid-19 is ahead of other countries'. We have no need to steal what others are doing in order to have access to a vaccine,” said Wang Wenbin, the spokesperson for China’s Foreign Ministry.

Spain’s national intelligence chief warned of a “qualitative and quantitative growth” in overall cyberattacks during the coronavirus confinement period

Speaking at a seminar organized by the Association of European Journalists (AEJ), Esteban warned of a “qualitative and quantitative growth” in overall cyberattacks during the coronavirus confinement period, pointing to the fact that many people are now working remotely, increasing their exposure to online threats.

In July of this year, a US federal court announced an indictment charging two Chinese nationals, Li Xiaoyu and Dong Jiazhi, with conducting a hacking campaign for over a decade against hundreds of high-tech companies, governments, non-profit groups and human rights activists in the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, South Korea, Britain and Spain.

Researchers at Spain’s National Research Council (CSIC) working on experimental Covid-19 vaccines were summoned to a meeting before the summer and told to take measures against potential data theft, according to two people who attended the meeting. But the heads of six Spanish teams working on vaccine prototypes said they were not aware of any data theft from their computer systems.

A CSIC spokesperson said that no theft has occurred at its Madrid research centers. Sources at Clinic Hospital in Barcelona said they were not aware of any intrusion into the computers storing the results of an experimental vaccine based on coronavirus genetic material. Similar responses were provided by the National Institute of Agricultural and Food Research and Technology (INIA) and by the University of Santiago de Compostela, where a team led by José Manuel Martínez Costas is working on an original angle based on a strategy involving bird virus.

There are around 10 ongoing vaccine projects in Spain. The most advanced ones are headed by the virologist Mariano Esteban of the CSIC’s National Biotechnology Center, and by the doctor Felipe García, of Barcelona’s Clínic Hospital. Neither one has moved to human trials yet.

English version by Susana Urra.


More information

Recomendaciones EL PAÍS
Recomendaciones EL PAÍS