The international vaccine supply chain has been targeted by cyber-espionage, according to IBM.
The company says it tracked a campaign aimed at the delivery “cold chain” used to keep vaccines at the right temperature during transportation.
The attackers’ identity is unclear – but IBM said the sophistication of their methods indicated a nation state.
It follows warnings from governments – including the UK’s – of countries targeting aspects of vaccine research.
IBM’s cyber security unit found a global phishing campaign was targeting “organizations associated with a COVID-19 cold chain,” it said in a blog post, referring to the supply chain of companies involved in the handling of COVID-19 vaccines that need to be preserved at low temperatures.
Hackers sent so-called spear phishing emails to organizations and companies impersonating a business executive from Haier Biomedical, a Chinese firm that is a market leader in providing cold chain technology. The emails contained attachments through which hackers tried to steal credentials like passwords and login details.
The emails went out to a wide range of targets. IBM identified one by name: the European Commission’s Directorate-General for Taxation and Customs Union. Other targets were located in Germany, Italy, South Korea, the Czech Republic, other parts of Europe and Taiwan.
A spokesperson for the European Commission said it was still analyzing the attack and added “we have taken the necessary steps to mitigate the attack … We investigate every incident.”
Hackers started their campaign in September, IBM said, adding it was unclear if hackers succeeded in breaching their targets. Hackers were likely trying to “gain future unauthorized access to corporate networks and sensitive information,” it added.
“The precision targeting and nature of the specific targeted organizations potentially point to nation-state activity,” IBM said, without specifying which state.
IBM “urges companies in the COVID-19 supply chain – from research of therapies, healthcare delivery to distribution of a vaccine – to be vigilant and remain on high alert during this time,” said Claire Zaboeva, a threat analyst at the company’s X-Force cyber security division.
“Governments have already warned that foreign entities are likely to attempt to conduct cyber espionage to steal information about vaccines.”
Based on IBM’s findings, the Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security issued its own warning, encouraging “all organizations involved in vaccine storage and transport to harden attack surfaces, particularly in cold storage operation, and remain vigilant against all activity in this space,” said Josh Corman, CISA’s chief strategist for healthcare.
Britain’s National Cyber Security Centre (NCSC) would not comment on the report directly, but said that it was engaged in “ongoing and proactive support” to vaccine “research, manufacturing and supply chains” in the fight against cyber-attacks.
The vaccine “cold chain” is the logistics network that allows for vaccines to be transported from their site of manufacture to primary care clinics around the world at the cold temperatures required for their efficacy.
It is particularly important for Pfizer’s COVID-19 vaccine, which on Wednesday became the first to be approved by the UK. That vaccine needs to be kept at temperatures as low as -80C for long-term storage, though it can spend up to a week at temperatures closer to a conventional fridge.
The phishing attack identified by IBM comes after it emerged that intelligence organizations had begun to notice that hostile-state hackers from countries such as Russia, China, Iran and North Korea had shifted their targeting of coronavirus secrets away from the vaccines themselves and towards trial results and methods of mass production.
A particular focus is how vaccines like the one from Pfizer and BioNTech can be manufactured and distributed, intelligence sources add, with hostile states seeking to steal vaccine secrets so they can potentially copy western processes for themselves.
Britain’s NCSC wants organizations to be vigilant, particularly over the type of “spear phishing” attack cited by IBM, in which employees of a company in the COVID supply chain are targeted with carefully crafted emails from an apparently plausible person, designed to persuade people to click on a malicious link disguised as a news story, a job offer or something similar.
In order to coordinate the huge logistical challenge of producing, shipping and administering the vaccine, UNICEF and vaccination partnership Gavi, working through a programme launched in 2015 called the Cold Chain Equipment Optimization Platform (CCEOP), have been bringing together private and public sector organizations from around the world to accelerate efforts.
It was CCEOP members, including the European Commission’s Directorate-General for Taxation and Customs Union, and other global organizations headquartered in South Korea, Taiwan, Italy and elsewhere, who were targeted by the phishing campaign. The phishing emails, purportedly from China’s Haier Biomedical, “were sent to select executives in sales, procurement, information technology and finance positions”, according to Zaboeva.
Attribution of hacking campaigns is notoriously difficult but Zaboeva said a nation state may be behind the attacks. “The precision targeting and nature of the specific targeted organizations potentially point to nation-state activity.”
Information about COVID vaccine projects has come under attack from hackers before. Last month, Reuters reported that suspected North Korean hackers had tried to break into the systems of AstraZeneca, posing as recruiters trying to approach staff with fake job offers before sending them emails with malicious code.