As the global race for the development, authorization and distribution of a coronavirus vaccine intensifies, IBM cybersecurity experts warned that the international vaccine supply chain has become the latest “victim” of hackers.
According to the global technology giant, the phishing scheme targeted the delivery “cold chain”, namely the organizations that are involved in the COVID-19 vaccine supply chain. For the moment, the attackers have not been identified but the precise method and skills “hold the potential hallmarks of nation-state tradecraft.”
IBM officials said the phishing campaign began sometime in September 2020, with emails spanning six countries associated with the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, the international vaccine alliance.
The World Health Organization, Unicef, the World Bank and the Bill & Melinda Gates Foundation are among the partners of Gavi which provide material support for the worldwide distribution of the COVID-19 vaccines, even to some of the poorest parts of the globe.
“We assess that the purpose of this COVID-19 phishing campaign may have been to harvest credentials, possibly to gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution,” stated IBM security researchers.
IBM revealed that the phishing emails were sent in the name of an executive from a legitimate Chinese company that is part of CCEOP’s cold chain supply, to make the emails more trustworthy. The recipients of the emails, which carried malicious code (all part of organizations involved in providing transportation and other needs within the vaccine supply cold chain), were asked to enter their credentials. This step would have enabled the cyberspies to gain access to information on how governments intended to distribute the vaccines.
“Advanced insight into the purchase and movement of a vaccine that can impact life and the global economy is likely a high-value and high-priority nation-state target,” IBM said. Cybersecurity specialists warned companies to be cautious and “remain on high alert during this time.”
According to IBM, targets of the espionage campaign included:
- the European Commission’s Directorate-General for Taxation and Customs Union
- various companies manufacturing solar panels, which can be used for vaccine refrigerators, and companies associated with petrochemicals and the production of dry ice
- a South Korean software-development company
- a German website-development company, as well as other organizations in Italy, the Czech Republic and Taiwan.
IBM researchers claimed the precision, intricacy, and skill with which the phishing scheme was conducted point to a nation-state’s activity. “Without a clear path to a [pay]out, cyber-criminals are unlikely to devote the time and resources required to execute such a calculated operation.”
Apparently, this was not the first cyberattack meant to collect data about the COVID-19 vaccines. In July 2020, the U.K. claimed Russian spies had targeted U.K. organizations involved in the development of the vaccine, including Oxford. Russia denied the allegations.
This latest hacker attack comes at a time when everyone is restlessly waiting for the vaccine to be distributed all over the world. The U.K. authorized a COVID-19 vaccine on Wednesday, becoming the first country to do so; the U.S. authorities announced they are making all efforts to authorize a vaccine by the end of this month.
In the meantime, the virus continues its surge across the U.S., with the highest death toll so far since the pandemic started, recorded on Wednesday.