North Korean hackers attempted to breach the servers of the U.S.-based vaccine manufacturer Pfizer, and its German partner BioNTech, in hopes of gathering scientific data that could be used to manufacture bootleg copies of a COVID-19 vaccine to sell on international black markets, according to intelligence officials in Europe.
North Korea’s intent was likely to raise funds in foreign currency. The hermit dictatorship’s domestic currency is mostly worthless outside its borders.
Two European security officials briefed on cyber-operations told Insider the attempted intrusion was likely an official North Korean operation to gather scientific data on Pfizer’s COVID-19 vaccine, one of just three vaccines so far approved for emergency use by the World Health Organization. Both officials said the attempt was connected to November’s announcement of multiple hacking intrusions via Microsoft network infrastructure.
“It clearly was an information-gathering attempt rather than a– or ransom-style attack. I will not get into technical details but we have developed plenty of experience with each type of attack,” said a European official, who would not be named because of the extreme sensitivity of the situation.
“North Korea will have physical access to Pfizer vaccines long after they’ve seen Chinese or Russian versions. But they want to decide which will be the easiest to bootleg and transport for the black market,” said the official, pointing out that both Russia and China have promised millions of doses to North Korea for free, despite the country’s claim it has never had a case of COVID.
“So they wanted to take a look to see if the Pfizer vaccine would be a viable dose to copy,” added the official. “We are not giving out any information on whether the hacking attempt succeeded but if it had I’d suspect the Pfizer vaccine would provide too many manufacturing and storage problems compared to the Russian or Chinese vaccines.” The Pfizer vaccine requires two types of refrigeration; the AstraZeneca version needs only a normal fridge.
When asked if North Korea would be trying to sell a bootleg of some sort, the source confirmed without a doubt, considering North Korea’s long history of counterfeiting, bootlegging, drug-dealing, and arms-smuggling through its embassies around the world.
Hacking alone provides massive amounts of income to the regime, according to indictments last week by U.S. authorities against a ring of North Korean state-linked hackers accused of stealing $1.3 billion from various targets.
For decades, North Korea has been accused of using its embassies as lucrative outposts for organized crime ranging from counterfeiting U.S. currency, dealing methamphetamine around the world via secure diplomatic pouches, to selling arms to rogue regimes in violation of embargoes.
In 2007, Israeli warplanes bombed a secret nuclear reactor being built in Syria with the help of North Korean engineers, who have long covertly assisted Middle Eastern regimes in exchange for hard currency.
“The North Koreans have been essential to Israeli’s enemies since the 1970s, helping first the PLO build massive fortifications and bunkers throughout the camps in Lebanon and the Beqaa Valley,” said a former Israeli official. “And today we have strong evidence — it’s without a doubt really — that for decades they have been working with Hezbollah and Iran to reinforce their positions, not only in Lebanon but Iran as well.”
When asked why North Korea was these actors’ resource of choice, the source was blunt.
“They’re great engineers with a national history of mining,” they said. “Arabs don’t really have hundreds of years of coal mining to fall on for expertise like [North Koreans] do. And they can work anywhere and there will be no questions if there’s an accident or the site gets bombed by the [Israeli Air Force].”
This report was written by Mitch Prothero and originally published on Insider.