IBM X-Force Discovers Hacker Plot To Disrupt Critical COVID-19 Vaccine Supply Chain

In the early days of the COVID-19 pandemic, IBM created a global security task force, called X-Force, dedicated to threat intelligence and analysis for organizations that are part of the vaccine supply chain. That work has apparently paid off, as the group just announced that it discovered a global phishing campaign targeting COVID-19 "cold chain" organizations. These cold chain orgs are reportedly a vital part of the COVID-19 supply chain, as they ensure that vaccines are kept at cold temperatures so they remain effective.

According to IBM’s X-Force, the phishing campaign began in September of this year and spanned six countries and several companies. It was presumably targeting people and businesses associated with Gavi, The Vaccine Alliance’s Cold Chain Equipment Optimization Platform (CCEOP) program. The goal of the CCEOP is to “ultimately strengthen vaccine supply chains, optimize immunization equity, and ensure an agile medical response to outbreaks of infectious diseases.”

Example Email From Cold Chain-Targeted Phishing Campaign From X-Force Report

Against this backdrop, the attack worked through spear-phishing, in which a malicious group impersonated an executive from Haier Biomedical. Haier is involved in the COVID-19 cold chain and is a supplier for the CCEOP program mentioned earlier. Subsequently, “disguised as this employee, the adversary sent phishing emails to organizations believed to be providers of material support to meet transportation needs within the COVID-19 cold chain.” The targeted organizations spanned the energy, manufacturing, website creation and software and internet security solutions sectors throughout Germany, Italy, South Korea, Czech Republic, greater Europe, and Taiwan.

Thankfully, even though the emails could seem legitimate, X-Force’s analysis could not determine whether the phishing campaign was successful. If it was successful, the attackers could have collected a variety of credentials from the targets through the emails sent.

Also, while the analysis was inconclusive, X-Force believes this attack has the “potential hallmarks of nation-state tradecraft.” Thus, we are likely to see more attacks and cybersecurity threats against this area of industry until the COVID-19 supply chain is no longer a worthwhile target.