Global efforts to produce and distribute a vaccine for Covid-19 could be at risk from cybercriminals according to new research from IBM.

At the beginning of the pandemic, IBM Security X-Force created a threat intelligence task force dedicated to tracking cyber threats against organizations that are part of the vaccine supply chain. 

While the team has been monitoring the vaccine supply chain for months, it recently discovered a global phishing campaign targeting organizations associated with a Covid-19 cold chain. The cold chain is a component of the vaccine supply chain which ensures the safe preservation of vaccines in temperature-controlled environments during storage and transportation.

According to IBM’s analysis, the calculated operation began back in September, spanned across six countries and targeted organizations associated with The Vaccine Alliance’s Cold Chain Equipment Optimization Platform (CCEOP) program Gavi.

Targeting the Covid-19 supply chain

The attacker behind the global phishing campaign began by impersonating a business executive from Haier Biomedical which is a member company of the Covid-19 vaccine supply chain as well as a qualified supplier for the CCEOP program.

Disguised as an employee, the attacker sent phishing emails to organizations believed to be providers of material support to meet transportation needs within the Covid-19 cold chain. IBM believes that the purpose of the campaign may have been to harvest credentials in order to gain future unauthorized access to corporate networks and sensitive information related to vaccine distribution.

The attacker’s targets included the European Commission’s Directorate-General for Taxation and Customs Union as well as global organizations in Germany, Italy, South Korea, the Czech Republic, greater Europe and Taiwan working in the energy, manufacturing, website creation, software and cybersecurity sectors. Spear phishing emails were sent to executives in sales, procurement, information technology and finance positions who were likely involved in company efforts to support a vaccine cold chain.

Governments around the world have already warned that foreign entities would be likely to attempt to conduct cyber espionage to steal information about vaccines and the CISA has issued an alert on the matter encouraging organizations involved in Operation Warp Speed to review IBM X-Force’s Attackers Are Targeting the COVID-19 Vaccine Cold Chain report.

Leave a Reply