- IBM researchers have found that a phishing group is targeting organisations associated with the distribution of Covid-19 vaccines.
- The researchers suspect a nation-state actor rather than a private individual or group and have sounded the alarm over hackers targeting vaccine companies.
- Hackers sent emails pretending to be executives from CCEOP suppliers to acquire targets' credentials, which could be used later to access sensitive information.
The UK is set to become the first country to roll out the Pfizer-BioNTech Covid-19 vaccine with Britain giving emergency use approval for the vaccine last week. The first doses are set to be administered on December 8, as per reports. Meanwhile, Pfizer has also become the first pharmaceutical firm to seek from the Drugs Controller General of India (DCGI) an emergency use authorisation for its Covid-19 vaccine in the country.
However, government officials have expressed concern over the feasibility of the vaccine because of the extremely low temperature of minus 70 degrees Celsius required for its storage. On Sunday, the Serum Institute of India (SII) in Pune also applied to the DCGI seeking emergency use authorisation for the Oxford-AstraZeneca Covid-19 vaccine in the country.
The supply chain of Covid-19 vaccines has attracted hackers who are targeting organisations related to the Cold Chain Equipment Optimization Platform (CCEOP), which aims to distribute and improve the technology that can keep vaccines at very cold temperatures, IBM researchers have found.
The targets include the European Commission's Directorate-General for Taxation and Customs Union, and organizations within the energy, manufacturing, website creation and software and internet security solutions sectors.
A global phishing campaign has been targeting organizations associated with the distribution of COVID-19 vaccines since September 2020. Analysts Claire Zaboeva and Melissa Frydrych of IBM X-Force IRIS, in a blog post, noted that the phishing campaign spans six regions including Germany, Italy, South Korea, Czech Republic, greater Europe, and Taiwan.
Researchers found that the people behind the phishing operation sent emails to the organizations' executives claiming to be an executive from CCEOP supplier Haier Biomedical. The company is the world's only complete cold chain provider, as per the blog.
"Disguised as this employee, the adversary sent phishing emails to organizations believed to be providers of material support to meet transportation needs within the COVID-19 cold chain," the blog post read. "We assess that the purpose of this COVID-19 phishing campaign may have been to harvest credentials, possibly to gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution."
It is not yet clear who is behind this campaign, but the researchers suspect a nation-state actor rather than a private individual or group. "Without a clear path to a cash-out, cybercriminals are unlikely to devote the time and resources required to execute such a calculated operation with so many interlinked and globally distributed targets," the blog post read. "Advanced insight into the purchase and movement of a vaccine that can impact life and the global economy is likely a high-value and high-priority nation-state target."
The hackers went through "an exceptional amount of effort," IBM analyst Claire Zaboeva told Reuters. Hackers researched the correct make, model, and pricing of various Haier refrigeration units, Zaboeva said. "Whoever put together this campaign was intimately aware of whatever products were involved in the supply chain to deliver a vaccine for a global pandemic," she said.
IBM has recommended that companies involved in COVID-19 vaccine storage and transport "be vigilant and remain on high alert during this time." The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert encouraging organizations to review IBM's report.