On Thursday, IBM and the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) released joint statements warning that hackers are targeting companies associated with the supply and distribution chain of impending COVID-19 vaccines. 


What You Need To Know

  • The DHS and IBM are warning that hackers have targeted companies associated with the supply and distribution of impending COVID-19 vaccines

  • The unnamed actor or actors impersonated a business executive from Haier Biomedical, an actual company affiliated with the global supply chain of a COVID vaccine

  • IBM says it is "unclear from our analysis if the COVID-19 phishing campaign was successful"

  • The DHS is advising Operation Warp Speed companies to review the message released by IBM for information about indicators of compromise

IBM, whose security task force first flagged the threat, said in a statement they “recently uncovered a global phishing campaign targeting organizations associated with a COVID-19 cold chain.” The “cold chain” is a critical component of vaccine distribution, as vaccines must be kept at sub-zero temperatures during shipment to preserve their supply. Some, like that of Pfizer-BioNTech, must be stored and shipped at ultra-cold temperatures of around minus 70 degrees Celsius (minus 94 degrees Fahrenheit).

According to IBM, the phishing campaign began as far back as September and targeted officials across six countries. The unnamed actor or actors impersonated a business executive from Haier Biomedical, an actual company affiliated with the global supply chain of a COVID vaccine and a member of Gavi, The Vaccine Alliance’s Cold Chain Equipment Optimization Platform (CCEOP) program.

Haier Biomedical is reportedly the world’s only complete cold chain provider to date, according to IBM. 

Phishing email sent to executives in organizations related to the COVID-19 vaccine supply chain (via IBM)

“Disguised as this employee, the adversary sent phishing emails to organizations believed to be providers of material support to meet transportation needs within the COVID-19 cold chain,” IBM’s statement read in part. “We assess that the purpose of this COVID-19 phishing campaign may have been to harvest credentials, possibly to gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution.”

The targets included the European Commission’s Directorate-General for Taxation and Customs Union, as well as organizations headquartered in Germany, Italy, South Korea, Czech Republic, greater Europe and Taiwan. All of the targeted organizations were part of the “energy, manufacturing, website creation and software and internet security solutions sectors,” IBM said. 

While it is unclear who was responsible for the attacks and what a potential motive might be, IBM said the coordinated nature of the phishing campaign may “potentially point to nation-state activity.”

At this time, IBM says it is “unclear from our analysis if the COVID-19 phishing campaign was successful.”

The statement from the DHS on Thursday encouraged “Operation Warp Speed (OWS) organizations and organizations involved in vaccine storage and transport” to review the message released by IBM for information about indicators of compromise. 

“IBM X-Force has released a report on malicious cyber actors targeting the COVID-19 cold chain—an integral part of delivering and storing a vaccine at safe temperatures,” the statement continued. “Impersonating a biomedical company, cyber actors are sending phishing and spearphishing emails to executives and global organizations involved in vaccine storage and transport to harvest account credentials. The emails have been posed as requests for quotations for participation in a vaccine program.” 

Whoever was behind the phishing operation likely sought “advanced insight into the purchase and movement of a vaccine that can impact life and the global economy,” the blog post from IBM said. Coronavirus vaccines will be one of the world’s most sought-after products as they are distributed, so theft may also be a danger.

Last month, Microsoft said it had detected mostly unsuccessful attempts by state-backed Russian and North Korean hackers to steal data from leading pharmaceutical companies and vaccine researchers. It gave no information on how many succeeded or how serious those breaches were. Chinese state-backed hackers have also targeted vaccine makers, the U.S. government said in announcing criminal charges in July.

Microsoft said most of the targets — located in Canada, France, India, South Korea and the United States — were researching vaccines and COVID-19 treatments. It did not name the targets.

On Wednesday, Britain became the first country to authorize a rigorously tested COVID-19 vaccine, the one developed by American drugmaker Pfizer and Germany’s BioNTech.

Other countries aren’t far behind: Regulators not only in the U.S. but in the European Union and Canada also are vetting the Pfizer vaccine along with a shot made by Moderna Inc. British and Canadian regulators are also considering a vaccine made by AstraZeneca and Oxford University.

Spectrum News has reached out to the Department of Homeland Security for more information.

The Associated Press contributed to this report.