Hackers Target Coronavirus Vaccine Supply Chain

The international Coronavirus vaccine supply chain has been targeted by cyber-espionage, according to researchers at IBM. Unknown hackers have been trying to compromise accounts and computer systems of employees in various organisations involved in the COVID-19 vaccine supply chain.
 
The hackers have been trying to break into the supply chain that will help COVID-19 vaccines get delivered at the required deep-freeze temperature. While it’s obvious that their spear-phishing emails are aimed at harvesting login credentials, their final goal is likely to get their hands on as much information as possible, according to IBM Security X-Force.
 
It’s unclear whether their attempts have yet been successful. IBM says it tracked a campaign aimed at the delivery "cold chain" used to keep vaccines at the right temperature during transportation. The attackers' identity is unclear - but IBM said the sophistication of their methods indicated a nation state. It follows warnings from governments - including the UK's - of countries targeting aspects of vaccine research.
 
Phishing Emails
 
IBM says it believes the campaign started in September, when phishing emails targeting organisations linked to the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, the international vaccine alliance, were first sent out across six countries. Gavi's partners include the World Health Organisation, Unicef, the World Bank and the Bill & Melinda Gates Foundation. They help distribute vaccines around the world to some of the poorest regions and this sometimes requires a "cold chain".
 
Malicious Code
 
The Pfizer-BioNTech vaccine - which was not the specific target of this campaign - needs to be kept at a temperature of about -70C as it is moved about. The attackers impersonated a business executive from a legitimate Chinese company involved in CCEOP's supply cold chain to make it more likely the targets would engage with the email. They then sent phishing emails, which contained malicious code and asked for people's login credentials, to organisations that provided transportation.
 
That could have allowed them to understand the infrastructure that governments intended to use to distribute vaccines. "Advanced insight into the purchase and movement of a vaccine that can impact life and the global economy is likely a high-value and high-priority nation-state target," IBM says.
 
According to IBM, the wider targeting included:
 
  • The European Commission's Directorate General Taxation and Customs Union.
  • Companies involved in manufacturing solar panels, which can be used to keep vaccines cold in places where reliable power is not available.
  • A South Korean software-development company.
  • A German website-development company, which supports clients associated with pharmaceutical manufacturers, container transport, biotechnology and manufacturers of electrical components for communications.

The hacking campaign was uncovered by an IBM Security team set up at the start of the pandemic to track down COVID-19 cyber threats. "The precision targeting and nature of the specific targeted organisations potentially point to nation-state activity.... Without a clear path to a payout, cyber criminals are unlikely to devote the time and resources required to execute such a calculated operation," IBM said.
 
Intelligence Gathering
 
IBM says it has notified those targeted as well as law-enforcement authorities. In July, the UK warned Russian intelligence had targeted UK vaccine research, including the British AstraZeneca project in Oxford. The US authorities have warned of Chinese hacking, while Microsoft has said it had seen North Korean and Russian hackers targeting vaccine research. US officials suggested the activity so far had been about intelligence gathering rather than disruption of any research.
 
IBM: US-CERT: CISA: Business Insider: Help Net Security: BBC
 