Hackers Target Coronavirus Vaccine Supply Chain

The international Coronavirus vaccine supply chain has been targeted by cyber-espionage, according to reaearchers at IBM. Unknown hackers have been trying to compromise accounts and computer systems of employees in various organisations involved in the COVID-19 vaccine supply chain.
 
The hackers have been trying to break into the supply chain that will help COVID-19 vaccines get delivered at the required deep-freeze temperature. While it’s obvious that their spear-phishing emails are aimed at harvesting login credentials, their final goal is likely to get their hand on as much information as possible, according to IBM Security X-Force
 
It’s unclear whether their attempts have yet been successful. IBM says it tracked a campaign aimed at the delivery "cold chain" used to keep vaccines at the right temperature during transportation. The attackers' identity is unclear - but IBM said the sophistication of their methods indicated a nation state.It follows warnings from governments - including the UK's - of countries targeting aspects of vaccine research.
 
Phishing Emails
 
IBM says it believes the campaign started in September when phishing emails were first sent out across six countries, which targeted organisations linked to the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, the international vaccine alliance. Gavi's partners include the World Health Organisation, Unicef, the World Bank and the Bill & Melinda Gates Foundation. They help distribute vaccines around the world to some of the poorest regions and this sometimes requires a "cold chain". 
 
Malicious Code
 
The Pfizer-BioNTech vaccine - which was not the specific target of this campaign - needs to be kept at a temperature of about -70C as it is moved about. The attackers impersonated a business executive from a legitimate Chinese company involved in CCEOP's supply cold chain to make it more likely the targets would engage with the email. They then sent phishing emails to organisations that provided transportation, which contained malicious code and asked for people's log in credentials. 
 
That could have allowed them to understand the infrastructure that governments intended to use to distribute vaccines.  "Advanced insight into the purchase and movement of a vaccine that can impact life and the global economy is likely a high-value and high-priority nation-state target," IBM says.
 
According to IBM  the wider targeting included:  
 
  • The European Commission's Directorate General Taxation and Customs Union.
  • Companies involved in manufacturing solar panels, which can be used to keep vaccines cold in places where reliable power is not available.
  • A South Korean software-development company.
  • A German website-development company, which supports clients associated with pharmaceutical manufacturers, container transport, biotechnology and manufacturers of electrical components for communications
The hacking campaign was uncovered by an IBM Security team set up at the start of the pandemic to track down Covid-19 cyber threats. "The precision targeting and nature of the specific targeted organisations potentially point to nation-state activity.... Without a clear path to a payout, cyber criminals are unlikely to devote the time and resources required to execute such a calculated operation." IBM said.
 
Intelligence Gathering
 
IBM says it has notified those targeted as well as law-enforcement authorities.In July, the UK warned Russian intelligence had targeted UK vaccine research, including the British Astra Zeneca project in Oxford. The US authorities have warned of Chinese hacking, while Microsoft has said it had seen North Korean and Russian hackers targeting vaccine research. US officials suggested the activity so far had been about intelligence gathering rather than disruption of any research.
 
 IBM         US-CERT:    CISA:     Business Insider:       Help Net Security:     BBC
 
You Might Also Read: 
 
Covid Vaccine-Maker Suffers Cyber Attacks:
 
« Facebook Fights Fake News - Badly
Britain's New Regime For Online Platforms »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Mantix4

Mantix4

Mantix4’s M4 Cyber Threat Hunting Platform actively defends against cyber threats.

California Cybersecurity Institute (CCI) - Cal poly

California Cybersecurity Institute (CCI) - Cal poly

The CCI provides a hands-on research and learning environment to explore new cyber technologies and train and test tactics alongside law enforcement and cyberforensics experts.

Air Informatics

Air Informatics

Air Informatics LLC provides security, information management, analytics and informatics for IT and wirelessly enabled airplanes and operations.

Eclypsium

Eclypsium

Eclypsium protects organizations from the foundation of their computing infrastructure upward, controlling the risk and stopping threats inside firmware of laptops, servers, and networks.

DeepSeas

DeepSeas

DeepSeas is the result of a merger between Security On-Demand (SOD) and the commercial Managed Threat Services (MTS) business of Booz Allen Hamilton.

Evolution Equity Partners

Evolution Equity Partners

Evolution Equity Partners is an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies.

Realsec

Realsec

RealSec is an international company and is a developer of encryption and digital signature systems and Blockchain for the Banking and Methods of Payment sectors, Government and Defense and Multisector

Alias

Alias

Alias (formerly Alias Forensics) provide penetration testing, vulnerability assessments, incident response and security consulting services.

Lumifi

Lumifi

Lumifi provide end-to-end cybersecurity resilience solutions with a specialty in managed detection and response (MDR) services.

Crayon

Crayon

Crayon is a customer-centric innovation and IT services company. We provide guidance on the best solutions for our clients’ business needs and budget with software, cloud, AI and big data.

Bastion Technologies

Bastion Technologies

All your cyber defense. One platform. Keep your business assets and employees safe under one roof. Manage your cyber defense quickly, easily & efficiently.

Omdia

Omdia

Omdia is a technology research and advisory group. Our deep knowledge of tech markets combined with our actionable insights empower organizations to make smart growth decisions.

Brunswick Group

Brunswick Group

Brunswick is a critical issues firm. We advise the world’s leading companies on how to navigate the critical issues they face and engage with their critical stakeholders.

Cyberleaf

Cyberleaf

Cyberleaf is simplified managed cybersecurity for MSPs, enabling top tier cyber protection for small and medium enterprise.

Cyber Qubits

Cyber Qubits

Cyber Qubits is a cybersecurity training and consulting company focused on developing the next generation of cybersecurity professionals.

Noma Security

Noma Security

Noma Security's mission is Application Security for the Entire Data & AI Lifecycle.