International. With Pfizer and Moderna announcing promising results from their COVID-19 vaccine trials, countries face a new challenge when it comes to the widespread distribution of these effective vaccines: the cold chain.
These vaccines require a cold chain, that is, a temperature-controlled supply chain that maintains the desired temperature range throughout distribution. New research from IBM Security X-Force reveals that the cold chain is being targeted in a precision phishing campaign.
IBM Security X-Force published threat research revealing the discovery of a highly targeted operation against the COVID-19 vaccine cold chain that supports Gavi Alliance and UNICEF efforts to safely transport a vaccine to underdeveloped regions. These regions also rely on outside help to store their vaccines in temperature-controlled environments. This campaign bears the stamp of a state-sponsored attack.
Some of the elements detailed in IBM's research include:
- The attackers posed as a key person from a Chinese biomedical company to carry out spear-phishing attacks against global organizations that provide material support to the cold chain.
- Credential collection attempts against global organizations in at least six countries to access sensitive information related to the transport and distribution of vaccines.
The entities involved in this targeting are meticulously interconnected, which implies that the adversary committed significant resources and time to executing this campaign. IBM is publishing this research to alert the COVID-19 supply chain as a whole.
Details from IBM Security X-Force's analysis of this activity include:
- The cover story - The adversary posed as a commercial executive of Haier Biomedical, a legitimate and credible member company of the COVID-19 vaccine supply chain and qualified supplier for the CCEOP program. The company is supposedly the only complete cold chain supplier in the world. Disguised as this employee, the adversary sent phishing emails to organizations believed to be providers of material support to meet transportation needs within the COVID-19 cold chain. We assess that the purpose of this COVID-19 phishing campaign may have been to collect credentials, possibly to gain future unauthorized access to corporate networks and sensitive information related to the distribution of the COVID-19 vaccine.
- The targets - These included the European Commission's Directorate-General for Taxation and Customs Union, as well as organizations within the energy, manufacturing, website creation and Internet security software and solutions sectors. These are global organizations with headquarters in Germany, Italy, South Korea, the Czech Republic, Europe and Taiwan.
- The how - Spear-phishing emails were sent to select executives in sales, procurement, information technology and finance positions, likely involved in the company's efforts to support a vaccine cold chain. We also identified instances where this activity was extended to the entire organization to include help and support pages of the selected organizations.
IBM Security X-Force has followed responsible disclosure protocols and notified the appropriate entities and authorities of this targeted operation.
COVID-19 Supply Chain Alert
IBM Security X-Force urges companies in the COVID-19 supply chain, from therapy research and healthcare delivery to vaccine distribution, to be vigilant and on high alert during this time. Governments have already warned that foreign entities are likely to attempt cyberespionage to steal vaccine information. Today, DHS CISA is issuing an alert encouraging organizations associated with the storage and transportation of a vaccine to review this research and recommended best practices to remain vigilant.
Who is probably behind these attacks?
While attribution is currently unknown, the precision targeting and the nature of the specific target organizations potentially point to nation-state activity. Without a clear path to cashing out, cybercriminals are unlikely to devote the time and resources necessary to execute such a calculated operation with so many interconnected and globally distributed targets. Similarly, while information about the transportation of a vaccine may represent a hot product on the black market, advanced information about the purchase and movement of a vaccine that can affect lives and the world economy is likely a high-value, high-priority nation-state objective.
Source: IBM.