At that time, the agency made public that it was the focus of a cyber attack. But she did not reveal any details. Finally, it became known through the media that the hackers gained access to vaccine documents from the Mainz company Biontech during their attack. A few days later, the Ema itself said that “a limited number of documents belonging to third parties had been illegally viewed”.
Via the e-mails into the system
In those emails, the attackers at some point came across a message that was supposed to activate two-factor authentication for a new user, it is said. The hackers used this discovery to connect their own device to the Ema system. Due to a certain technical setting, it was now possible for both the actual new user and the hacker to log in. That weak point in the security system had such serious consequences.
In the course of the attack, internal Ema documents ended up on the network, including combined extracts of captured emails. This could be part of a disinformation campaign aimed at undermining trust in Ema, the EU or the safety of vaccines.
Allegedly just one of two major incidents
There were indications from investigators that state actors could be behind the attack as early as December. At the time, however, it was said that it was still unclear which state could be responsible for the attack.
The drug authority has not yet commented on the details that »de Volkskrant« has now published on the alleged Russian attack. A SPIEGEL request on the subject went unanswered on Saturday. The agency only confirmed to the Reuters news agency that criminal investigations into the hack, in which Ema itself was also involved, are still ongoing.
The Russian Foreign Ministry has not yet commented to Reuters on the allegations that the attackers were working on behalf of Russia. Moscow regularly denies involvement in hacker attacks.
Incidentally, the Ema hack is said to have been exposed after a few weeks when a system manager of the authority checked so-called log data. He noticed that a certain employee regularly logged into the network outside of office hours, it is said.
[ source link ]
Russian hackers allegedly Ema system weeks