The researchers tracked a malicious campaign that targeted the delivery cold chain needed to keep COVID-19 vaccines at the right temperature during transportation. Since the attacks are quite sophisticated, IBM suspects that nation-state actors are behind them.
According to the alert, cybercriminals are impersonating a biomedical company in the campaigns, sending “phishing and spearphishing emails to executives and global organizations involved in vaccine storage and transport to harvest account credentials.” The emails masquerade as requests for quotations for participation in a vaccine program.
IBM’s analysis shows that the operation started in September 2020. The phishing campaign affected targeted organizations in six countries, probably associated with Gavi, The Vaccine Alliance’s Cold Chain Equipment Optimization Platform (CCEOP) program. “While firm attribution could not be established for this campaign, the precision targeting of executives and key global organizations hold the potential hallmarks of nation-state tradecraft,” the report says.
Details about the COVID-19 vaccine supply cold chain phishing campaigns
The malicious emails impersonated a business executive from Haier Biomedical, a member of the COVID-19 vaccine supply chain. It seems that Haier Biomedical is the world’s only complete cold chain provider. The phishing messages were sent to organizations believed to be providing material support to meet the vaccine’s transportation needs. The reason behind these phishing attempts may have been to harvest credentials to obtain further unauthorized access to corporate networks and other sensitive details related to the vaccine distribution.
Who was targeted? The European Commission’s Directorate-General for Taxation and Customs Union, and other organizations within the energy, manufacturing, website creation, and software and internet security solutions sectors. These global organizations are headquartered in Germany, Italy, South Korea, the Czech Republic, greater Europe, and Taiwan, IBM shares.
The campaign also delivered spearphishing emails to select executives in sales, procurement, information technology, and finance positions, likely involved in supporting a vaccine cold chain. IBM also identified organization-wide attempts that extended to the help and support pages of targeted organizations.
More details about the malicious campaign against the COVID-19 vaccine supply chain are available in IBM’s report.