Hackers Target Covid-19 Cold Chain, Warns IBM


Firms involved with the specialist “cold chain” infrastructure required for several Coronavirus vaccines have been targeted by hackers

Researchers with IBM Security X-Force have warned that nation-state hackers have been targeting companies critical to the distribution of two of the three Covid-19 vaccines.

At the moment, the German Pfizer-BioNTech vaccine needs to be kept at a temperature of about -70C (colder than Antarctica) until the day it is used to maintain the integrity of the doses’ genetic material. This requires specialist medical freezers.

The American Moderna vaccine meanwhile also needs to be frozen, but only at minus 20 Celsius, more like a regular freezer.


Cold chain

The UK’s Oxford/AstraZeneca vaccine however only needs to be stored at between 2C and 8C – making it a much easier vaccine to administer in the community. It is also much cheaper than its rivals.

Given the importance of the cold chain for two of the three leading vaccines, the integrity of the supply chain logistics is critical, but IBM announced that it had uncovered “a global phishing campaign targeting the Covid-19 vaccine cold chain.”

When the Coronavirus pandemic began, IBM Security X-Force created a threat intelligence task force dedicated to tracking down Covid-19 cyber threats against organisations that are keeping the vaccine supply chain moving.

“As part of these efforts, our team recently uncovered a global phishing campaign targeting organisations associated with a Covid-19 cold chain,” said IBM. “The cold chain is a component of the vaccine supply chain that ensures the safe preservation of vaccines in temperature-controlled environments during their storage and transportation.”

IBM said the global phishing campaign began in September this year, and “targeted organisations likely associated with Gavi, the Vaccine Alliance’s Cold Chain Equipment Optimisation Platform (CCEOP) program.”

Who dun it?

So who is responsible for the cyberattacks?

IBM was clear about who it thought was responsible.

“While firm attribution could not be established for this campaign, the precision targeting of executives and key global organisations hold the potential hallmarks of nation-state tradecraft,” said the IBM researchers.

It seems the hackers impersonated a business executive from Haier Biomedical, a credible and legitimate Chinese company in the Covid-19 vaccine supply chain and a qualified supplier for the CCEOP program.

Disguised as this employee, the adversary sent phishing emails to organisations believed to be providers of material support to meet transportation needs within the Covid-19 cold chain.

“We assess that the purpose of this Covid-19 phishing campaign may have been to harvest credentials, possibly to gain future unauthorized access to corporate networks and sensitive information relating to the Covid-19 vaccine distribution,” said IBM.

Targets included the European Commission’s Directorate-General for Taxation and Customs Union, as well as organisations within the energy, manufacturing, website creation and software and internet security solutions sectors.

IBM Security X-Force warned all companies in the Covid-19 supply chain to be vigilant and remain on high alert during this time.

Other warnings

Cyberattacks against vaccine specialists, healthcare, and drugmakers have risen during the Covid-19 pandemic, as state-backed and criminal hacking groups sought to obtain vital data from rival nations.

Last week Reuters reported that suspected North Korean hackers tried in recent weeks to break into the systems of British drugmaker AstraZeneca.

It comes after UK and US intelligence officials previously warned that hackers were attempting to breach the cyber defences of vaccine makers.

In July the US Department of Justice (DoJ) issued formal charges against two Chinese nationals, accused of stealing hundreds of millions of dollars’ worth of trade secrets and intellectual property.

The two Chinese nationals were also accused of targeting researchers developing a vaccine for the coronavirus.

Earlier in July, both UK and US intelligence agencies warned that Russian hacking group APT29 (also known as Cozy Bear) was actively targeting researchers developing a Covid-19 vaccine.

Stolen vaccine data can be sold for a healthy profit, western officials have warned, or used to extort vaccine makers or to provide valuable intelligence for foreign governments.