Infosec Security News

IBM Warns Hackers Targeting Covid Vaccine ‘Cold Chain’ Supply Process

IBM is sounding the alarm over hackers targeting companies critical to the distribution of Covid-19 vaccines. The company said in a blog post that it had uncovered “a ” focused on organizations associated with the COVID-19 vaccine “cold chain” – the process neededglobal phishing campaign to keep vaccine doses at extremely cold temperatures as they travel from manufacturers to people’s arms.

The US Cybersecurity and Infrastructure Security Agency reposted the report, warning members of Operation Warp Speed – the US government’s national vaccine mission – to be on the lookout. This calculated operation targeting organizations linked to covid 19 cold chain started in September 2020 and is a global phishing campaign targeting organizations.

The Covid-19 phishing campaign spanned across six countries and targeted organisations likely associated with Gavi, The Vaccine Alliance’s Cold Chain Equipment Optimization Platform (CCEOP) programme.

While the identity of the attackers could not be determined definitively, the precision targeting of executives and key global organisations hold the potential hallmarks of nation-state tradecraft, IBM said..

Disguised as this employee, the cyber criminals sent phishing emails to organisations believed to be providers of material support to meet transportation needs within the Covid-19 cold chain.

“We assess that the purpose of this COVID-19 phishing campaign may have been to harvest credentials, possibly to gain future unauthorised access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution,” Claire Zaboeva, Senior Strategic Cyber Threat Analyst at IBM wrote in the blog post.

The targets included the European Commission’s Directorate-General for Taxation and Customs Union, as well as organisations within the energy, manufacturing, website creation and software and internet security solutions sectors.

These are global organisations headquartered in Germany, Italy, South Korea, Czech Republic, greater Europe and Taiwan.

The spear-phishing emails were sent to select executives in sales, procurement, information technology and finance positions, likely involved in company efforts to support a vaccine cold chain.

(Image courtesy: www.aa.com.tr)

Leave a Comment

Your email address will not be published.

You may also like