Hackers targeting Covid-19 vaccine supply chain, IBM warns

Hackers are targeting the coronavirus vaccine supply chain, IBM warned Thursday, saying it had uncovered a series of cyber attacks against companies involved in the effort to distribute doses around the world.

It was “unclear” if the attacks were successful, IBM said, adding that they were potentially carried out by state actors.

“Our team recently uncovered a global phishing campaign targeting organisations associated with a Covid-19 cold chain,” Claire Zaboeva and Melissa Frydrych, analysts for IBM X-Force, a cyber security working group, wrote in a blog post.

The European Commission’s Directorate-General for Taxation and Customs Union was one target, as were energy and IT companies based in Germany, Italy, the Czech Republic, South Korea and Taiwan.

The hackers impersonated an executive from Haier Biomedical, a Chinese-owned cold chain supply company working with the World Health Organization and the United Nations, IBM said.

“Disguised as this employee, the adversary sent phishing emails to organisations believed to be providers of material support to meet transportation needs within the Covid-19 cold chain,” Zaboeva and Frydrych wrote.

The purpose “may have been to harvest credentials, possibly to gain future unauthorised access to corporate networks and sensitive information relating to the Covid-19 vaccine distribution”.

Some of the vaccines being developed against Covid-19 must be stored at temperatures well below that of a normal fridge. Distribution, therefore, requires specialised logistics companies such as Haier Biomedical.

IBM said it could not identify those behind the attacks – but that the precision of the operation signals “the potential hallmarks of nation-state tradecraft”.

“Without a clear path to a cash-out, cyber criminals are unlikely to devote the time and resources required to execute such a calculated operation with so many interlinked and globally distributed targets,” Zaboeva and Frydrych wrote.

The US federal cyber security agency, Cisa, said the IBM report should be taken seriously by organisations involved in the vaccine supply chain.

“Cisa encourages all organisations involved in vaccine storage and transport to harden attack surfaces, particularly in cold storage operation, and remain vigilant against all activity in this space,” Josh Corman, a Cisa strategist, told AFP.