IBM: Cyber Hackers Target Covid-19 Vaccine Supply Chain

IBM’s cybersecurity experts have discovered a global phishing campaign targeting organizations responsible for the Covid-19 cold chain. In a blog post on Thursday, the tech company’s researchers disclosed that the hackers started the campaign in September 2020 and are focused on collecting information on organizations that are distributing the vaccines in developing countries. Although it is still unclear who is behind the illegal campaign or what the motives are, the Cybersecurity and Infrastructure Security Agency (CISA) has already alerted the organizations and urged them to “be vigilant and remain on high alert during this time.”

Fox Business: Cybersecurity researchers at IBM say they have uncovered a global campaign to collect information on distributing the Covid-19 vaccine to developing countries.


Fox Business revealed that the global phishing campaign was aimed at organizations associated with the COVID-19 cold chain, used to make sure the vaccines are safely preserved in temperature-controlled environments during storage and transportation.

The researchers noted the phishing campaign started in September, spanning six countries — including Germany, Italy and South Korea — and targeted organizations that are associated with Gavi, The Vaccine Alliance’s Cold Chain Equipment Optimization Platform (CCEOP) program.

According to IBM, the campaign’s targets are likely associated with the development of the “cold chain” needed to ensure coronavirus vaccines get the nonstop sterile refrigeration they need to be effective for the nearly 3 billion people who live where temperature-controlled storage is insufficient.

The Verge: It’s not yet clear who’s behind this campaign, but the researchers suspect a nation-state actor rather than a private individual or group 


In a related report by The Verge, IBM’s blog post said the people behind the phishing operation sent emails to the organizations’ executives claiming to be an executive from CCEOP supplier Haier Biomedical. The emails, which purported to request quotations related to CCEOP, contained HTML attachments that asked for the opener’s credentials. The actor could store those credentials and use them to gain unauthorized access down the line.
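For mail defenders, the attachment pattern described above (an HTML file that asks the opener for credentials) can be flagged at the gateway. The following is an added example, not code from IBM or either news report; the sample message, addresses and domains are constructed, and the function names are hypothetical.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser


class CredentialFormFinder(HTMLParser):
    """Collects password inputs and form targets found in an HTML document."""

    def __init__(self):
        super().__init__()
        self.password_inputs = 0
        self.form_actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.password_inputs += 1
        elif tag == "form":
            self.form_actions.append(attrs.get("action") or "")


def flag_credential_attachments(raw_message: bytes):
    """Return (filename, form_actions) for each HTML attachment with a password field."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Match on declared type or on extension, since senders may mislabel either.
        if part.get_content_type() != "text/html" and not name.lower().endswith((".html", ".htm")):
            continue
        body = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", errors="replace")
        finder = CredentialFormFinder()
        finder.feed(body)
        if finder.password_inputs:
            hits.append((name, finder.form_actions))
    return hits


def build_sample() -> bytes:
    """Constructed test message: one HTML login form and one unrelated attachment."""
    m = EmailMessage()
    m["From"], m["To"] = "sales@supplier.example", "exec@org.example"
    m["Subject"] = "Request for quotation"
    m.set_content("Please review the attached RFQ.")
    m.add_attachment('<form action="https://collector.example/p"><input type="text" name="u">'
                     '<input type="password" name="p"></form>', subtype="html", filename="rfq.html")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="terms.bin")
    return m.as_bytes()
```

A hit is a triage signal rather than a verdict: the returned form targets give an analyst the destination to check against the claimed sender's domain.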

It’s not yet clear who’s behind this campaign, but the researchers suspect a nation-state actor rather than a private individual or group. “Without a clear path to a cash-out, cyber criminals are unlikely to devote the time and resources required to execute such a calculated operation with so many interlinked and globally distributed targets,” the blog post reads. “Advanced insight into the purchase and movement of a vaccine that can impact life and the global economy is likely a high-value and high-priority nation-state target.”