According to a blog post by IBM security researchers, a global phishing campaign has been targeting organizations linked with the distribution of COVID-19 vaccines since September 2020. Claire Zaboeva and Melissa Frydrych reported that the phishing campaign is prevalent in six regions around the world, namely Germany, Italy, South Korea, the Czech Republic, Taiwan, and greater Europe.
Some of the newly developed COVID vaccines must be kept at very low temperatures (around -70 degrees Celsius) to remain useful, which creates many challenges in transportation and storage. According to the IBM X-Force IRIS researchers, the phishing campaign is mainly centered on this “cold chain” part of the vaccine distribution supply chain.
Gavi, an international vaccine distribution organization – whose partners include the Bill & Melinda Gates Foundation, UNICEF, WHO, and several others – was the main target in the attacks. Specifically, the organization’s Cold Chain Equipment Optimization Platform (CCEOP) was targeted. The hackers sent phishing emails to the organizations’ executives claiming to be representatives of Haier Biomedical, an equipment supplier for CCEOP. The emails used HTML attachments to collect the sensitive information of those who opened them, which could possibly be used in the future to gain access to restricted parts of the CCEOP system.
“We assess that the purpose of this COVID-19 phishing campaign may have been to harvest credentials, possibly to gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution,” the authors say in the blog post.
The people responsible for the phishing campaign have yet to be identified; however, the researchers presume a nation-state to be involved. The Cybersecurity and Infrastructure Agency (CISA) has issued an alert and is encouraging health organizations to read the report. In the meantime, IBM recommends that vaccine distribution and storage companies “be vigilant and remain on high alert during this time.”