Hackers put the COVID-19 vaccine integrity at risk

The COVID-19 vaccine storage and shipment became the new target of hackers, according to the IBM researchers. This happens just after the UK became the first country to authorise the Pfizer/BioNTech’s vaccine and the first people will take it next week.

COVID-19 vaccine storage and transport companies, attacked

According to the researchers, a spearphishing campaign targeted the storage and transport companies. Those should provide temperature-controlled environments, so that the vaccines can be widely distributed.

IBM considers that the attackers wanted to steal credentials from those companies. Thus, they would gain future access to “corporate networks and sensitive information relating to the COVID-19 vaccine distribution”.

Still, there is no hint regarding the effectiveness of the phishing campaign. Still, it seems it began in September and targeted organisations in Europe and Asia. All of these are, somehow, associated with the Gavi‘s supply-chain program.

In fact, the main targets were companies from the energy, manufacturing and software sectors. All those were involved in the distribution of the vaccines. After gaining access to internal communications of those, the attackers could gather essential data. IBM researchers named the “infrastructure that governments intend to use to distribute a vaccine to the vendors that will be supplying it.”

Attackers, tied to a government

IBM suspects that attackers have ties to a government. Still, they mentioned they did not have enough evidence to determine which one.

According Clair Zaboerva, cyber threat analyst at X-Force, “This adversary picked the perfect cover – one that would pass scrutiny and suspicion.”

In fact, hackers posed as executives at Haier Biomedical, which is a supplier involved in the supply-chain program of the COVID-19 vaccine. So, they sent phishing emails to the companies involved in transportation.

Haier, which is a China-based company, advertise itself as “the world’s only complete cold chain provider.”

The Cybersecurity and Infrastructure Security Agency (CISA) warned about the discovery in the IBM report.
Josh Corman, CISA’s chief strategist for health care asked the targeted organisations to protect against such attacks. “CISA encourages all the organisations involved in vaccine storage and transport to harden attack surfaces, particularly in cold storage operation,” Corman mentioned.

The attacks targeting the new vaccines began back in May, when the US officials accused Chinese hackers of targeting vaccine research.