Hackers target Covid vaccine supply 'cold chain'

Published
07/12/2020

Following government warnings about the threat against aspects of vaccine research, IBM says its cyber-threat security team tracked a campaign aimed at the ‘cold chain’ which is used to keep vaccines at the right temperature during transportation.

Although the attackers’ identity is not yet known, the level of sophistication would suggest a nation state.

IBM says it believes the campaign started in September 2020, using phishing emails sent out across six countries, targeting organisations linked to the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, the international vaccine alliance which helps to distribute vaccines around the world to some of the poorest regions. A ‘cold chain’ is sometimes required in order to do this: for example, the Pfizer-BioNTech vaccine (not the target of this particular campaign) needs to be kept at a temperature of -70C while it is moved about.

To increase the likelihood of targets engaging with the phishing email, the attackers impersonated a business executive from a legitimate Chinese company involved in CCEOP’s supply cold chain. The emails, containing malicious code, were then sent to transportation organisations, asking for people’s login details, which could have given the attackers an understanding of the infrastructure that will be used to distribute vaccines.

As IBM noted: ‘Advanced insight into the purchase and movement of a vaccine that can impact life and the global economy is likely a high-value and high-priority nation-state target.’ And wider ‘precision targeting’ included the European Commission’s Directorate General Taxation and Customs Union; companies involved in manufacturing solar panels, which can be used to keep vaccines cold in places where reliable power is not available; a South Korean software-development company; and a German website-development company, which supports clients associated with pharmaceutical manufacturers, container transport, biotechnology and manufacturers of electrical components for communications.

IBM says it has notified those targeted as well as law-enforcement authorities, and CISA, the US’s Cybersecurity and Infrastructure Security Agency, has issued an alert to encourage organisations involved in the storage and transportation of a vaccine to be on guard for the type of attacks IBM’s report refers to.

There have been various reports from the UK and the US about countries targeting vaccine research. So far, officials suggest the activity has been focused on gathering intelligence, rather than the disruption of the research.