Phishing Campaign Takes Aim at COVID-19 Vaccine Transportation Chain
The latest attack on COVID-19 vaccine research is aimed squarely at the supply chain of companies and government organizations working to keep the vaccines refrigerated in transit.
It was bound to happen.
Months after news that hackers were attempting to steal coronavirus vaccine intellectual property and research comes news that a new campaign is targeting the COVID-19 vaccine cold chain.
With countries like the UK ahead of the US when it comes to authorizing a vaccine (it gave the green light to Pfizer/BioNTech's vaccine Wednesday), it’s not totally surprising to see cybercriminals, who have been trying to carry out espionage to steal information about vaccines all year long, move to the latest shiny object.
A new report, issued this morning, disclosed that hackers have been sending phishing emails to an EU agency and companies likely participating in a Gavi vaccine aid project.
Gavi, The Vaccine Alliance, is a group in charge of improving access to vaccines worldwide; it's overseeing the Cold Chain Equipment Optimization Platform (CCEOP) program, a project that's coordinating the supply of technologies to improve vaccine delivery. The program is based around ensuring that doses of vaccines can be delivered in temperature-controlled environments.
According to IBM X-Force, which discovered the phishing scam, attackers impersonated a business executive from Haier Biomedical, a China-based cold chain solution supplier that is also a legitimate member and supplier of the CCEOP program.
In what researchers at the firm claim was an attempt to harvest credentials, likely for later use to infiltrate corporate networks and reach the data that resides on them, the attackers sent emails to the European Commission’s Directorate-General for Taxation and Customs Union, as well as to organizations in the energy, manufacturing, website creation, and software and internet security solution sectors.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency lent credence to the research and warned about the scam on Thursday, encouraging Operation Warp Speed (OWS) organizations to review the news and indicators of compromise (IOCs) IBM posted.
Operation Warp Speed is the name the Trump administration has given to companies working to develop and distribute coronavirus vaccines.
While the news is confirmation that attackers are still very active when it comes to targeting coronavirus research, it's unclear if the attacks were successful and whether they were meant to merely disrupt the supply chain or outright steal sensitive vaccine data.
CISA is encouraging organizations, especially those involved in vaccine storage and transport, to take the necessary steps to mitigate phishing and enhance web security if they aren't already.