IBM said hackers are targeting logistical companies critical to the distribution of COVID-19 vaccine, Reuters reported.
The US-based information technology company said in a blog post published on Thursday that it had uncovered a global phishing campaign focused on organizations associated with the COVID-19 vaccine cold chain – the process needed to keep vaccine doses at extremely cold temperatures as they travel from manufacturers to customers.
The U.S. Cybersecurity and Infrastructure Security Agency reposted the report, warning members of Operation Warp Speed – the U.S. government’s national vaccine mission – to be on the lookout. Understanding how to build a secure cold chain is fundamental to distributing vaccines developed by the likes of Pfizer and BioNTech SE because the shots need to be stored at minus 70 degrees Celsius (-94 F) or below to avoid spoiling.
IBM’s cybersecurity unit said it detected an advanced group of hackers working to gather information about different aspects of the cold chain, using meticulously crafted booby-trapped emails sent in the name of an executive with Haier Biomedical, a Chinese cold chain provider that specializes in vaccine transport and biological sample storage.
The hackers went through an exceptional amount of effort, said IBM analyst Claire Zaboeva, who helped draft the report. Hackers researched the correct make, model, and pricing of various Haier refrigeration units, Zaboeva said.
IBM said the bogus Haier emails were sent to around 10 different organizations but only identified one target by name: the European Commission’s Directorate-General for Taxation and Customs Union, which handles tax and customs issues across the EU and has helped set rules on the import of vaccines.
IBM said other targets included companies involved in the manufacture of solar panels, which are used to power vaccine refrigerators in warm countries, and petrochemical products that could be used to derive dry ice.
Reuters has previously documented how hackers linked to Iran, Vietnam, North Korea, South Korea, China, and Russia have on separate occasions been accused by cybersecurity experts or government officials of trying to steal information about the virus and its potential treatments.
IBM’s Zaboeva said there was no shortage of potential suspects. Figuring out how to swiftly distribute an economy-saving vaccine “should be topping the lists of nation states across the world,” she said.