COVID-19 vaccine supply chain targeted by hackers

A global phishing campaign is targeting organisations associated with a COVID-19 ‘cold chain’ (a temperature-controlled supply chain necessary to keep vaccines from spoiling in high temperatures), IBM warns in its blog post. According to IBM, the phishing campaign started in September 2020, and the hackers impersonated an executive from Haier Biomedical, a credible and legitimate member company of the COVID-19 vaccine supply chain. The targets were ‘European Commission’s Directorate-General for Taxation and Customs Union, as well as organizations within the energy, manufacturing, website creation and software and internet security solutions sectors’. IBM noted that it is not clear if the campaign had been successful so far. ‘Attribution is currently unknown,’ the blogpost notes, but ‘the precision targeting and nature of the specific targeted organizations potentially point to nation-state activity’. Experts comment that the operation might be aimed at stealing sensitive information about the process, or at preparing for a ransomware campaign that could lock-up certain ‘smart’ elements of the chain. In conjunction with the report, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a statement urging organisations associated with the storage and transport of vaccines to review the IBM research.