The report emerged as drug companies around the world race to produce an effective jab to counter a virus that has now killed more than 940,000 people and infected 30 million.
It was not clear what information was taken, when it happened, nor how important it was, with the paper citing sources privy to the attack.
Quoted in the article, Spain's secret service chief Paz Esteban said hackers had mounted “a particularly virulent campaign targeting laboratories working on the search for a vaccine” not only in Spain but elsewhere.
Speaking to journalists on Thursday, Esteban who heads the CNI intelligence services, said there had been a “qualitative and quantitative” increase in attacks during lockdown, with hackers targeting “sensitive sectors such as
healthcare and pharmaceuticals”.
Such attacks had multiplied in other countries involved in efforts to develop a vaccine, prompting an exchange of information between their respective spy services, she said.
Most attacks were carried out by hackers from China and Russia, often from state organisations, but also by criminal organisations and universities who trade in hacked data, security sources said.
But the attack in which Spanish data were stolen was launched by Chinese hackers, they said.
The CNI was not immediately available to comment on the report.
In July, a court in the US state of Washington charged two Chinese nationals with stealing terabytes of data from hundreds of computer systems all over the world, in some cases on behalf of Chinese government agencies.
The hacking, which took place over a decade, had more recently involved looking for vulnerabilities in the systems of firms developing Covid-19 vaccines, testing technology, and treatments, the US justice department said.
Spain was one of 11 countries named in the indictment as being targeted by the attacks.