Date: 2020-12-04

IBM security researchers say a global phishing campaign has targeted organizations associated with the distribution of COVID-19 vaccines since September 2020. In a blog post, IBM X-Force IRIS analysts Claire Zaboeva and Melissa Frydrych announced that the phishing campaign covered six regions. These regions are Germany, Italy, South Korea, the Czech Republic, the rest of Europe and Taiwan.

The campaign appears to be focused on the “cold chain”, the part of the vaccine supply chain that keeps doses cold during storage and transportation. Some vaccines need to stay at extremely low temperatures to stay strong. For example, Pfizer recommends that the COVID-19 vaccine be stored at minus 70 degrees Celsius (colder than winter in Antarctica). This poses a logistical challenge for the pharmaceutical company, which will need to ship millions of doses around the world at this temperature.

The attacks focused on groups affiliated with Gavi, an international organization promoting vaccine access and distribution. The campaign specifically targeted organizations related to the Cold Chain Equipment Optimization Platform (CCEOP), which aims to deploy and develop technology that can keep vaccines at very cold temperatures. The targets included the European Commission’s General Directorate of Taxation and Customs Union and organizations in the “energy, production, website creation and software and internet security solutions sectors”.

According to the blog post, the people behind the phishing operation sent emails to executives of the organizations, claiming to be managers from CCEOP supplier Haier Biomedical. The emails, which purported to request CCEOP-related quotes, included HTML attachments that prompted the opener for credentials, which the attacker could store and later use to gain unauthorized access.

“We consider that the purpose of this COVID-19 phishing campaign could be to collect credentials, possibly to gain future unauthorized access to corporate networks and sensitive information related to COVID-19 vaccine distribution,” the analysts wrote in the blog post.

It is not yet clear who was behind this attack, but researchers suspect a nation-state actor rather than a private person or group. “Without a clear way to cash out, cybercriminals are unlikely to allocate the time and resources needed to run such a calculated transaction with so many interconnected and globally distributed targets,” the blog post states. “Improved insight into the purchase and movement of a vaccine that could affect life and the global economy is likely a high-value and high-priority nation-state goal.”

IBM recommends that companies “be cautious and remain vigilant throughout this time” regarding the storage and transportation of the COVID-19 vaccine. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning encouraging organizations to review IBM’s report.



