North Korea Accused of Hacking Pfizer for Vaccine Information

North Korea has been accused of hacking into Pfizer computer systems for information on the COVID-19 vaccine. Pfizer, an American pharmaceutical firm, partnered with German firm BioNTech to develop their vaccine. South Korea’s National Intelligence Service (NIS) held a closed-door meeting with the National Assembly Intelligence Committee on February 16. A member from the main opposition People Power Party, Representative Ha Tae-keung, said the NIS reported that the average daily cyberattacks in South Korea had increased 32 percent from the previous year. Ha also claimed that the NIS reported, “North Korea tried to obtain technology involving the COVID vaccine and treatment by using cyberwarfare to hack into Pfizer.” 

However, the NIS released a statement on the same morning refuting Ha’s claims: “The National Intelligence Service did not say that Pfizer was hacked by North Korea in a Q and A session of the briefing yesterday for the National Assembly Intelligence Committee.” Even though the NIS refuted Ha’s claims, he stood by his statement in posts on Facebook and in an interview with the Associated Press to say that the issue with Pfizer “was so clear that I didn’t even ask about it verbally.” Pfizer has yet to comment. 

There has also been debate regarding North Korea’s motivations for the alleged cyber attack. The country has reported zero cases of COVID-19, yet it is scheduled to receive about 2 million doses of a vaccine developed by AstraZeneca and Oxford University as a part of the World Health Organization’s COVAX sharing program. 

Dr. Kee B. Park, the director of the Korea Health Policy Project at Harvard Medical School and of the North Korea Program at Korean American Health Association weighed in, saying that North Korea was taking a “comprehensive approach… manufacturing their own [vaccines], maybe through GAVI (an organization involved with the COVAX program), maybe through bilateral channels.” Dr. Park’s explanation seems to imply that North Korea’s reportedly nonexistent cases are a false claim. Some experts have alleged that North Korea attempted to hack Pfizer in order to sell information on the vaccine rather than develop one. They reason that with harsh economic sanctions which impede trade, North Korea might be motivated to sell sensitive information or hold it ransom. 

This is not the first time North Korea has been involved in cyberattack accusations. Microsoft claimed in November of 2020 that North Korean groups called Zinc and Cerium and a Russian group called Fancy Bear targeted nine health organizations in cyberattacks. These targeted companies included Johnson & Johnson, Novavax, and AstraZeneca. Microsoft also claimed it was attacked by North Korean hackers disguised as World Health Organization officials.  

The disputing accounts of Representative Ha and the Korean National Intelligence Service and the lack of a response from Pfizer make it difficult to make a conclusion about the cyberattack accusations. However, many expect Pyongyang to uphold the same statement it has during past hacking accusations—claiming it has “nothing to do with cyberattacks.”