Hackers Target Covid-19 Vaccine Distribution ‘Cold Chain’: IBM

A special freezer manufactured by Binder, seen here in Tuttlingen, Germany in November 2020.

Photo: Thomas Kienzle (Getty Images)

Hackers “assumed to be state agents” have been waging a phishing campaign against pharmaceutical firms and other institutions involved in the forthcoming distribution of a vaccine against the novel coronavirus, IBM announced on Thursday.

In a post on Security Intelligence releasing their findings, IBM Security X-Force researchers wrote that “precision targeting of executives and key global organizations hold the potential hallmarks of a nation-state tradecraft,” adding the unknown hackers likely sought to obtain “advanced insight into the purchase and movement of a vaccine that can impact life and the global economy.” The target, according to IBM, appears to be the “cold chain”—a term for the logistics network that allows vaccines and other drugs to be carried from point of manufacture to distribution in temperature-controlled shipping containers. What the attackers hoped to accomplish is unknown, with possible motives ranging from theft of technology to intel that could be used to undermine trust in the vaccine or disrupt distribution.

IBM researchers wrote that the individuals targeted firms in at least six countries and used tactics such as impersonating a Haier Biomedical executive to send spear-phishing emails and targeting the help and support pages of organizations. Many of the targets were linked to international vaccine alliance Gavi’s cold chain program and included European Union bodies key to vaccine distribution, UNICEF, companies that manufacture solar panels used in cold storage, and IT firms that protect pharmaceutical firms:

“The targets included the European Commission’s Directorate-General for Taxation and Customs Union, as well as organizations within the energy, manufacturing, website creation and software and internet security solutions sectors. These are global organizations headquartered in Germany, Italy, South Korea, Czech Republic, greater Europe and Taiwan.”

The spear-phishing emails included malicious HTML files that prompted recipients to enter their login credentials, which the files would then pass on to the attackers. Pfizer and Moderna, the two pharma firms manufacturing vaccines expected to begin…