Tech giant IBM delivered a stark warning today that hackers are targeting companies critical to the Covid vaccine "cold chain" - the process required to keep the doses at extremely cold temperatures as they are transported from manufacturers to clinics and vaccination centres around the world.

Vaccine. Credit: Bicanski / Pixnio
A blog post published earlier today by Claire Zaboeva, a senior strategic cyber threat analyst at IBM, said that the threat intelligence task force created to track down threats related to the vaccine supply chain had uncovered "a global phishing campaign targeting organizations associated with a Covid-19 cold chain."
The US Cybersecurity and Infrastructure Security Agency reposted the IBM report, alerting those working on Operation Warp Speed - the government's national vaccine mission - to be vigilant.
The creation of a secure cold chain is vital to the successful distribution of the vaccine developed by Pfizer and BioNTech, which needs to be kept at temperatures of -70°C (-94°F). Once it has been moved to a refrigerator, it must be administered within five days.
The Moderna vaccine presents less of a challenge, though it must still be kept at -20°C (-4°F). It can be stored at this temperature for up to six months. Once thawed and kept in a refrigerator between 2 and 8°C (36 and 46°F), it is good for up to 30 days.
In her blog, Zaboeva said IBM's cybersecurity unit had detected an advanced hacker group that was gathering information about the various aspects of the cold chain through the use of spear-phishing emails - a highly targeted form of a phishing scam.
She also said that analysis indicated the "calculated operation" began in September, spanned six countries and targeted organisations likely associated with Gavi - the Geneva-based Vaccine Alliance - and its Cold Chain Equipment Optimization Platform (CCEOP).
"While firm attribution could not be established for this campaign, the precision targeting of executives and key global organizations hold the potential hallmarks of nation-state tradecraft," Zaboeva wrote, adding that it was "highly likely that the adversary is intimately aware of critical components and participants of the cold chain."
The spear-phishing emails had been sent in the name of an executive at Haier Biomedical, a Chinese cold chain provider specialising in vaccine transport and the storage of biological samples.
According to the blog, IBM believes Haier Biomedical was chosen by the hackers as a cover because the company is "a credible and legitimate" part of the vaccine supply chain, a qualified CCEOP supplier, and the world's only complete cold chain provider.
The phishing email sent to organisations in the Covid-19 vaccine cold chain. Credit: IBM
Through the use of such a cover, those receiving the emails would be less likely to question their authenticity, enabling the hackers to "harvest credentials" with the intent to gain future access to sensitive information relating to the vaccine cold chain.
"An exceptional amount of effort" was taken, wrote Zaboeva, to appear legitimate, with the hackers researching the various makes, models and pricing of Haier refrigeration units.
A report in Reuters said that Haier Biomedical has yet to respond to emails seeking comment.
The hackers purportedly sent emails to around 10 different organisations, though only one was named in the blog - the European Commission’s Directorate-General for Taxation and Customs Union, which is responsible for tax and customs issues across the EU and has helped set rules on the import of vaccines.
"Targeting this entity could serve as a single point of compromise impacting multiple high-value targets across the 27 member states of the European Union and beyond," Zaboeva said.
Another target was the energy sector, specifically companies making solar panels, which are important for powering refrigeration units in countries where reliable power is not always possible, and petrochemical firms, which supply dry ice, a byproduct of petroleum production and a key component of the cold chain.
The IT sector had also been targeted, including a German website development company which supports clients associated with pharmaceutical manufacturers, container transport, biotechnology and manufacturers of electrical components enabling sea, land and air navigation and communications, as well as a South Korean software development firm.
While the identity of whoever is behind the cyberespionage campaign is still unclear, Zaboeva said there is no shortage of potential suspects.
Previous reports by Reuters have documented ways in which hackers with links to a variety of countries had been accused by cybersecurity experts or government officials of trying to steal information about the virus and its potential treatments. These countries included some of the "usual suspects" such as Iran, China, North Korea and Russia, as well as South Korea and Vietnam.
Referring to when IBM uncovered hacking activity surrounding the targeting of the global supply chain for Covid-19 PPE, Zaboeva said: "Similarly, as the global competition races for a vaccine, it is highly likely the cold chain is a compelling target that will be at the top of the lists of national collection requirements worldwide."