A cyber espionage campaign targeting companies vital to the spread of COVID-19 vaccines has been discovered.
According to a warning from the US government and a research blog published by IBM, the hacking campaign started in September.
It was addressed to a number of organizations including the government and the energy and IT sectors related to the COVID-19 “cold supply chain”.
Live COVID updates as the UK prepares for vaccine launch
The cold chain is an integral part of the distribution of Pfizer / BioNTech vaccines. approved in the UK on Tuesdayas the vaccine must be stored at -70 ° C to avoid spoilage prior to administration.
Although it is not clear whether the sophisticated phishing emails were successful, IBM warned that the campaign contained “the potential hallmarks of nation-state trade” rather than an attack by cyber criminals.
“Without a clear path to a payout, cyber criminals are unlikely to expend the time and resources necessary to carry out such a calculated operation with so many interconnected and globally dispersed goals,” added IBM.
This week Interpol issued a warning Warning that organized criminal gangs could try to steal COVID-19 vaccines or create their own fake versions to benefit from the pandemic.
It follows an announcement in July from the UK, US and Canada that Russian cyber spies tried to steal research in coronavirus vaccines and treatment.
According to IBM, emails have been sent to 10 organizations, including the European Commission’s Tax and Customs Directorate-General, which handles EU and customs issues across the EU.
Claire Zaboeva, an IBM analyst involved in the discovery, told the Associated Press that the EU agency that is reviewing vaccine import and export regulations would be “a goldmine” for hackers seeking access to other organizations.
IBM warned that if the hackers were successful, the attacks could lead to “stealing and selling” [of] Black Market Vaccine Shipping Containers Worldwide “.
The hackers have sent emails posing as the executive director of the Chinese company Haier Biomedical, which IBM says is “a credible and legitimate member of the COVID-19 vaccine supply chain.”
The aim of the campaign was to collect credentials “possibly to gain unauthorized future access to corporate networks and confidential information related to the distribution of COVID-19 vaccines”.
Target companies included companies involved in the manufacture of solar panels that can be used in countries without reliable power supplies to ensure vaccine refrigerators are turned on, as well as petrochemical companies that make dry ice.