An EMA spokesperson did not return a request for comment seeking information if the attack targeted its vaccine approval process or if it was a financially-motivated attack like ransomware.
Nonetheless, in a follow-up statement released on its own website, BioNTech said that "some documents relating to the regulatory submission for Pfizer and BioNTech's COVID-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed" during the attack, confirming that COVID-19 research was most likely the target of the attack.
Over the past months, numerous companies working on COVID-19 research and vaccines have been the targets of hackers, and especially of state-sponsored hacking groups.
Companies like Johnson & Johnson, Novavax, Genexine, Shin Poong Pharmaceutical, Celltrion, AstraZeneca, Moderna, and Gilead have been targeted by hackers, according to reports from Reuters and the Wall Street Journal.
Speaking at the Aspen Cyber Summit last week, Marene Allison, the Chief Information Security Officer at Johnson & Johnson, said companies like her employer are seeing cyber-attacks from nation-state threat actors "every single minute of every single day."