Hackers Tried to Access COVID Vaccine ‘Cold Chain’
December 4, 2020 — A team of hackers launched a global phishing campaign to gain access to the “cold chain” of organizations required to deliver some coronavirus vaccines at super-cold temperatures, according to a cybersecurity task force.
The hackers were discovered by IBM Security X-Force, a group “dedicated to tracking down COVID-19 cyber threats against organizations that are keeping the vaccine supply chain moving.” The blog was written by Claire Zaboeva, a task force member and IBM cyber threat analyst, and published on the website Security Intelligence.
The phishing emails targeted executives working for organizations involved in The Cold Chain Equipment Optimization Platform (CCEOP) program, the blog said.
The emails were made to seem as if they were sent from an employee of Haier Biomedical, a real member of CCEOP, and were posed as requests for quotations (RFQ) related to the program. The emails had attachments that recipients could open with passwords.
Phishing emails are typically sent as a way to obtain passwords and other information that allow hackers to penetrate an organization’s computer security.
It’s unclear who was behind the effort or if they succeeded, but Security Intelligence said it looks like a “nation-state activity.”
“Without a clear path to a cash-out, cyber criminals are unlikely to devote the time and resources required to execute such a calculated operation with so many interlinked and globally distributed targets,” the blog said.
The discovery of the hackers comes as vaccines by Moderna and Pfizer are on the verge of being available in the United States and the United Kingdom.
The Pfizer vaccine requires shipment and storage at deep freeze temperatures of -94 degrees Fahrenheit. Moderna’s vaccine can be shipped at -4 degrees Fahrenheit, a temperature equal to most home or medical freezers, according to Moderna.
The hacking campaign started in September 2020, the blog said.
The phishing emails were sent to the European Commission’s Directorate-General for Taxation and Customs Union, and organizations within the energy, manufacturing, website creation, and software and internet security solutions sectors, the blog said. These global organizations are headquartered in Germany, Italy, South Korea, Czech Republic, greater Europe, and Taiwan.