Hackers Target COVID-19 Vaccine Supply Chain, IBM Says

A global phishing campaign has been targeting organizations associated with the distribution of COVID-19 vaccines since September 2020, according to IBM security researchers.

In a blog post, analysts Claire Zaboeva and Melissa Frydrych of IBM X-Force IRIS announced that the phishing campaign spanned six regions: Germany, Italy, South Korea, Czech Republic , greater Europe and Taiwan.

The campaign appears to focus on the “cold chain,” the segment of the vaccine supply chain that keeps doses cold during storage and transport. Some vaccines need to be kept at extremely low temperatures to remain potent. Pfizer, for example, recommends that its COVID-19 vaccine be stored at a negative temperature of 70 degrees Celsius (colder than winter in Antarctica). This poses a logistical challenge for the pharmaceutical company, which will have to transport millions and millions of doses around the world at this temperature.

The attacks have focused on groups associated with Gavi, an international organization that promotes access and distribution of vaccines. Specifically, it targeted organizations linked to their Cold Chain Equipment Optimization Platform (CCEOP), which aims to distribute and improve technology to keep vaccines at very cold temperatures. These included the European Commission’s Directorate-General for Taxation and Customs Union, as well as’ organizations in the energy, manufacturing, website and software and industry sectors. Internet security solutions ”.

According to the blog post, those responsible for the phishing operation sent emails to the organization’s executives, claiming to be an executive at supplier CCEOP Haier Biomedical. The emails, which purported to ask for quotes related to CCEOP, contained HTML attachments that requested the opener’s credentials, which the actor could store and use to gain unauthorized access down the line.

“We believe that the purpose of this COVID-19 phishing campaign may have been to collect identifying information, possibly to gain unauthorized access to corporate networks and sensitive information related to the future in the future. distribution of the COVID-19 vaccine, ”the blog read.

It is not yet clear who is behind this campaign, but researchers suspect a nation-state actor rather than a private individual or group. “Without a clear path to withdrawal, cybercriminals are unlikely to dedicate the time and resources necessary to execute such a calculated operation with so many interconnected and globally distributed targets,” the blog post read. . “In-depth knowledge of the purchase and circulation of a vaccine that can impact life and the global economy is likely a high-value and high-priority target for nation states.”

IBM recommends that companies involved in the storage and transport of COVID-19 vaccines “be vigilant and remain on high alert during this period.” The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert encouraging organizations to review IBM’s report.

Research and development for the COVID-19 vaccine has been the target of multiple cyberattacks this year. The US government accused China of funding and exploiting hacking cells to steal vaccine research from the US and its allies in May, and accused two Chinese hackers of stealing data from companies working on COVID-19 treatments and vaccines in July. Authorities in the United States, Britain and Canada have denounced attacks by a group associated with Russian intelligence services against organizations involved in vaccine development this summer. In November, Microsoft detected cyberattacks by nation-state actors in Russia and North Korea against companies using COVID-19 vaccines at various stages of clinical trials.

Several companies have submitted COVID-19 vaccines for review to the Food and Drug Administration, including Pfizer / BioNTech and Moderna. The FDA vaccine advisory community will review applications in mid-December; if vaccines are authorized, distribution will begin shortly thereafter. Moderna expects to have up to 20 million doses of its vaccine by the end of 2020, while Pfizer could provide up to 25 million.