The hackers took measures to hide their tracks, and the cyber-sleuths did not name which state might be behind the campaign.
The IBM team said it was not known why the hackers were trying to penetrate the systems. It suggested the intruders might want to steal information, glean details about technology or contracts, create confusion and distrust, or disrupt the vaccine supply chains themselves.
The hackers likely sought “advanced insight into the purchase and movement of a vaccine that can impact life and the global economy,” the IBM team said.
Because there was “no clear path to a cash-out,” as there is in a ransomware attack, the likelihood of a state actor increased, though the IBM sleuths cautioned it was still possible that criminals could be looking for ways to illegally obtain “a hot black-market commodity,” such as an initially scarce vaccine.
The new generation of RNA vaccines, such as the Pfizer product approved for emergency use by Britain on Wednesday, requires sub-Antarctic temperatures for storage and transport. But even more traditional vaccines, such as the candidate being tested by Oxford University and its partner AstraZeneca, must be kept refrigerated.
The hackers targeted organizations linked to Gavi, a public-private vaccine alliance that seeks to supply vaccines to poor countries. The alliance works closely with the World Health Organization, donor countries, the global pharmaceutical industry and the Bill and Melinda Gates Foundation.
The cybersecurity agency encouraged all organizations involved in the Trump administration’s Operation Warp Speed to be especially alert to challenges to their cold chain systems.
In a blog post, which was distributed to cybersecurity agencies, IBM said an intruder impersonated a business executive at Haier Biomedical, a legitimate Chinese company active in the vaccine supply chain that specializes in refrigeration of medical products. The impersonator sent emails to “executives in sales, procurement, information technology and finance positions, likely involved in company efforts to support a vaccine cold chain.”
It’s unclear if any of the phishing attempts were successful.
In her post, Claire Zaboeva,…