IBM identifies phishing threat to covid-19 vaccine ‘cold chain’

Cyber criminals are targeting vaccination efforts in the latest attack uncovered by IT industry experts

by Patrick Sullivan, Political Editor on 3 December 2020 21:02


IBM research staff have uncovered cyber-espionage targeting international COVID-19 vaccine supply chain intelligence. The computing giant’s security division identified phishing emails targeted at key recipients, seemingly in efforts to gather vital information on the World Health Organization’s initiative for distributing a vaccine to developing countries. While academics are not sure who was behind the attack, which began in September, or whether it had been successful, the precision targeting bore ‘the potential hallmarks of nation-state tradecraft,’ according to an IBM source.

The discovery follows warnings and reports that cybercriminals could target vaccine research and supply chains to cause economic and societal disruption. The phishing campaign was targeted across countries including Germany, Italy, South Korea, and Taiwan, and is likely associated with the “cold chain” required to ensure the vaccines are refrigerated, and therefore remain effective, throughout the shipping process.

The attackers impersonated a business executive from Haier Biomedical, a legitimate Chinese company considered the world’s main cold-chain supplier. They then sent phishing emails, which contained malicious code and asked for people’s login credentials, to organizations that provided transportation.

Targets included the European Commission’s Directorate-General for Taxation and Customs Union and companies that make solar panels for powering portable vaccine refrigerators. Other targets were petrochemical companies, likely because they produce dry ice, which is used in the cold chain, Claire Zaboeva, an IBM analyst, told the Associated Press.

“The purpose of this concerted attack on the Covid vaccine supply ‘cold chain’ is likely to acquire leverage in a multi-million-pound ransomware attempt, to sell key data on the ‘black market’ to the highest international bidder, or, quite simply, to disrupt,” said Chris Ross, SVP sales, international, for Barracuda Networks.

Ross continued: “This is the first time that a significant phishing campaign has been used on a global scale to disrupt the progress of our battle with the coronavirus – this issue must be taken extremely seriously by all afflicted targets and organizations who have anything to do with the logistics, transport or distribution of the vaccine, who may have already been breached, and do not yet know it.”
