Nation-State Backed Hackers Tackle COVID Vaccine Supply Chain

Cyber ​​attackers have targeted the cold supply chain needed to deliver COVID-19 vaccines, according to a report detailing a sophisticated operation likely backed by a nation-state.

Hackers appeared to be trying to disrupt or steal information about vital processes in keeping vaccines cold as they moved from factories to hospitals and doctors’ offices.

According to the report of IBM’s Threat Intelligence Task Force, which advises businesses and the public sector on cybersecurity, they have targeted organizations associated with an alliance-managed cold chain platform for vaccines. Gavi, a public-private partnership for the development of immunization for the poorest countries.

Many COVID-19 vaccines need to be kept cold to prevent spoilage. The vaccine from Pfizer and BioNTech should be stored at minus 70 ° C to minus 80 ° C, while the vaccine from Moderna should be transported at minus 20 ° C.

The attackers claimed to be an executive at a Chinese ultra-cold refrigeration supplier to mount a phishing campaign trying to obtain usernames and passwords, according to the report.

Nick Rossmann, IBM’s global head of threat intelligence, said he believed the hackers were either seeking to disrupt the vaccine distribution process or to steal intellectual property.

“One aspect of the problem is cyber espionage: how do you get the vaccines out? How does the manufacturing process for refrigeration work? How do you manage the entire logistics chain? ” he said. “There is also the potential for disruption, being able to launch attacks that disrupt vaccines, and their distribution to undermine confidence in them around the world.”

He added that it was vital to treat the vaccine supply chain as “a new kind of critical global infrastructure” to help them secure products that could help end the pandemic.

“These refrigeration companies will not have the same security tools as advanced financial institutions,” he said.

The news prompted the US cyber agency on Wednesday to issue an official alert to other groups involved in the cold supply chain.

Claire Zaboeva, senior analyst of strategic cyber threats at IBM, said it could be the “tip of the iceberg” in a wider global campaign, as hackers try to find security loopholes and leap between companies and governments involved in mass immunization programs.

“It was an extremely well documented and well placed campaign. And that potentially indicates a very competent person or team, ”she said.

The IBM report describes a hacking campaign that spanned six countries, targeting the customs and taxation unit of the European Commission and organizations in the energy, industry and technology sector. The campaign began in September and the task force discovered the threat in October.

IBM researchers do not know if the hackers managed to gain access to the networks.

“Today’s report highlights the importance of cybersecurity due diligence at every stage of the vaccine supply chain,” said Josh Corman, Cybersecurity and Infrastructure Security Agency’s chief strategist for healthcare. health.

The FBI has been informed of the attacks. The Gavi vaccine alliance said it had “strong policies and processes in place to prevent such phishing and hacking attacks” and would continue to strengthen its security.

The European Commission said it was aware of the campaign and had taken “the necessary steps” to mitigate the attack. He added that he takes cybersecurity seriously and investigates every incident.

Additional reporting by Kadhim Shubber in Washington DC.

© 2020 The Financial Times Ltd. All rights reserved. Not to be redistributed, copied or modified in any way.