The Amsterdam-based European drug regulator in December reported a cyberattack in which documents relating to COVID-19 vaccines and medicines were stolen and leaked on the internet.
The Russian foreign ministry did not immediately reply to a request for comment on Saturday, but Moscow has repeatedly denied western allegations of hacking.
China’s foreign ministry was not immediately available for comment. Beijing has said previously it firmly opposes and cracks down on all forms of cyber attacks.
The EMA launched an investigation with Dutch and European law enforcement authorities, but has so far provided no details on who may have carried out the attacks.
De Volkskrant on Saturday reported that the EMA was targeted by Chinese spies in the first half of 2020, followed by Russian intelligence agents later in the year.
The Chinese gained access by hacking the systems of a German university, the newspaper quoted sources as saying, while the Russians are alleged to have exploited flaws in the EMA’s two-step verification login and other types of cyberdefence.
“A criminal investigation by law enforcement authorities and other entities is ongoing and EMA is of course fully cooperating,” EMA spokeswoman Monika Benstetter said in an emailed response, declining further comment.
Reuters was not immediately able to reach the relevant enforcement agencies for comment on Saturday’s report.
The alleged Russian hackers had access to the EMA’s systems for more than a month, the sources told De Volkskrant.
They were mainly interested in which countries would use the COVID-19 vaccine developed by Pfizer and BioNTech and how much they would buy, the newspaper added.
Pfizer and BioNTech announced soon after the EMA’s initial disclosure that documents relating to their vaccine were accessed in the incident.