IBM security researchers said that a global phishing campaign has been targeting organizations related to COVID-19 vaccine distribution since September 2020. IBM X-Force IRIS analysts Claire Zaboeva and Melissa Frydrych announced in a blog post that the phishing activity spans six regions: Germany, Italy, South Korea, the Czech Republic, Greater Europe, and Taiwan.
The campaign appears to focus on the “cold chain”, the part of the vaccine supply chain that keeps doses cold during storage and transportation. Some vaccines need to be kept at extremely low temperatures to remain effective. For example, Pfizer recommends storing its COVID-19 vaccine at minus 70 degrees Celsius (the temperature of a cold Antarctic winter).
This presents a logistical challenge for the pharmaceutical company, which will need to ship millions of doses globally at this temperature.
The attacks focused on groups associated with Gavi, an international organization that promotes the acquisition and distribution of vaccines. Specifically, they targeted organizations associated with its Cold Chain Equipment Optimization Platform (CCEOP), which aims to distribute and improve technologies that can keep vaccines at extremely low temperatures.
The targets include the European Commission’s Directorate-General for Taxation and Customs Union, and “organizations in the fields of energy, manufacturing, website creation, and software and Internet security solutions.”
According to the blog post, the people behind the phishing operation sent emails to executives at the targeted organizations, posing as executives of Haier Biomedical, a CCEOP supplier.
The emails purported to request a CCEOP-related quotation and contained HTML attachments that prompted the recipient to enter credentials, which the attackers could store and use for unauthorized access.
The blog post read: “The purpose of our assessment of this COVID-19 phishing campaign may be to obtain a certificate, and it may be an opportunity to gain unauthorized access to the company’s network and sensitive information related to the distribution of the COVID-19 vaccine in the future.”
It is not clear who is behind the campaign, but the researchers suspect a nation-state actor rather than a private individual or group. The blog post said: “Without a clear way to redeem it, cybercriminals are unlikely to spend time and resources to execute such a multitude of interconnected and globally distributed targets to carry out such a planned action,” “In-depth understanding of the possible impact of life The purchase and circulation of vaccines in the global economy may be a high-value and high-priority national goal.”
IBM recommends that companies involved in the storage and transportation of the COVID-19 vaccine “remain vigilant and remain highly vigilant during this period.” The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert encouraging organizations to review IBM’s report.
COVID-19 vaccine development has been the target of multiple cyberattacks this year. In May, the U.S. government accused China of funding and operating hacking groups to steal vaccine research from the U.S. and its allies, and in July it accused two Chinese hackers of stealing data from companies working on COVID-19 treatments and vaccines.
This summer, authorities in the United States, Britain, and Canada condemned attacks by a group linked to the Russian intelligence service against organizations involved in vaccine development. In November last year, Microsoft detected cyberattacks by nation-state actors in Russia and North Korea on companies using the COVID-19 vaccine during various clinical trials.
Several companies, including Pfizer/BioNTech and Moderna, have submitted their COVID-19 vaccines to the Food and Drug Administration for review. The FDA’s vaccine advisory committee will review these applications in mid-December; if a vaccine is approved, distribution will begin soon afterward.
Moderna expects to have as many as 20 million doses of vaccine by the end of 2020, while Pfizer may provide as many as 25 million doses.