Hackers Targeting Covid-19 Vaccine Supply Chain, IBM Warns

Text size

With multiple vaccines close to becoming available in a world gripped by the coronavirus pandemic, manufacturers have become the target of hackers trying to steal trade secrets or disrupt supply chains.

IBM warned Thursday that it had uncovered a series of cyber attacks, potentially carried out by state actors, against companies involved in the effort to distribute vaccine doses, which must be kept cold.

IBM said the European Commission’s Directorate-General for Taxation and Customs Union was one target of the attacks, as well as European and Asian companies involved in the supply chain, whose names have not been disclosed.

“Our team recently uncovered a global phishing campaign targeting organizations associated with a COVID-19 cold chain,” Claire Zaboeva and Melissa Frydrych, analysts for IBM X-Force, a cyber security working group, wrote in a blog post.

The purpose “may have been to harvest credentials, possibly to gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution.”

It was unclear if the attacks were successful, IBM said, and while it could not identify those behind the attacks, the precision of the operation signals “the potential hallmarks of nation-state tradecraft.”

The vaccine developed by Pfizer and German company BioNTech, which on Wednesday got the green light from Britain to distribute its vaccine, must be stored below -70 degrees Celsius to ensure its effectiveness.

That means it will require specialized logistics companies such as Haier Biomedical, a Chinese-owned cold chain supply company working with the World Health Organization and the United Nations.

Hackers impersonated an executive from Haier Biomedical, and “disguised as this employee, the adversary sent phishing emails to organizations believed to be providers of material support to meet transportation needs…