Apparently, there is no limit to how low some cyberspies will go.
An IBM cybersecurity team blew the whistle on Thursday (Dec. 3) on what it called in a blog post a sophisticated “global phishing campaign” that targeted organizations involved in a key part of the supply chain for the various COVID-19 vaccines under development.
In particular, the hackers targeted the organizations involved in the “cold chain,” the component of the supply chain designed to keep vaccines “preserved in temperature-controlled environments” as they are stored and shipped out to locations around the world for distribution.
The IBM Security X-Force said that a special team, which was created to track down cyber threats against the vaccine supply chain, uncovered fraudulent emails that purported to be from a Chinese executive at a cold-chain supply company.
The targets included the European Commission’s Directorate-General for Taxation and Customs Union, as well as global organizations based in Germany, Italy, South Korea, the Czech Republic, greater Europe and Taiwan.
The phony emails, which purported to be from Haier Biomedical, a real company involved in the COVID-19 vaccine supply chain, were sent to organizations “believed to be providers of material support to meet transportation needs within the COVID-19 cold chain,” IBM wrote in its blog post.
The effort was sophisticated enough that it may be the work of a “nation-state” as opposed to cybercriminals on the hunt for the ultimate score, the report noted.
“While attribution is currently unknown, the precision targeting and nature of the specific targeted organizations potentially point to nation-state activity,” the IBM team stated in the post.
More specifically, the targeted organizations are likely linked to Gavi, The Vaccine Alliance.
The nonprofit, backed by the Bill & Melinda Gates Foundation, focuses on ensuring that low- and middle-income countries have access to an affordable COVID-19 vaccine.
The emails landed in the inboxes of “select executives in sales, procurement, information technology and finance positions, likely involved in company efforts to support a vaccine cold chain,” the IBM team noted.
The purpose, according to the IBM cyber analysts, was potentially to “harvest credentials” and “gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution.”