A global phishing campaign has targeted organizations associated with the distribution of COVID-19 vaccines since September 2020, IBM security researchers said.
The Regions Under Threat
In a blog post, analysts Claire Zaboeva and Melissa Frydrych of IBM X-Force IRIS described a criminal operation to steal sensitive information across six regions: Germany, Italy, South Korea, the Czech Republic, Greater Europe and Taiwan.
The campaign seems to focus on the “cold chain,” the part of the vaccine supply chain that keeps doses cold during storage and transportation. Some vaccines need to be kept at extremely low temperatures to stay effective. Pfizer, for example, recommends that its COVID-19 vaccine be stored at minus 70 degrees Celsius (much colder than winter in Antarctica). That poses a logistical challenge for the pharmaceutical company, which will need to transport billions of doses worldwide at that temperature.
How Is The Operation Taking Place?
The attacks focused on groups affiliated with Gavi, an international organization that promotes access to and distribution of vaccines. Specifically, the campaign targeted organizations affiliated with Gavi's Cold Chain Equipment Optimization Platform (CCEOP), which aims to expand and improve the technologies that keep vaccines cold. These include the European Commission’s Directorate-General for Taxation and Customs Union, as well as “organizations within power, manufacturing, website creation and security solutions and the Internet.”
According to the blog post, the people behind this operation sent emails to corporate executives claiming to be a manager from CCEOP provider Haier Biomedical. The emails, which purported to request CCEOP-related quotations, contained HTML attachments asking for login details, which the actor could keep and use to gain unauthorized access down the line.
“We are investigating whether the purpose of this COVID-19 sensitive identity theft campaign may have been to secure guarantees, perhaps to gain unauthorized access in future networks of companies and sensitive information about the distribution of the COVID-19 vaccine,” the blog post reads.
Who Is Behind This?
It is not yet clear who launched the campaign, but researchers suspect a nation-state actor rather than an individual or a group. “Without a clear source of revenue, cyber criminals are less likely to devote the time and resources needed to carry out this listed work for a wide range of interconnected and widely distributed purposes,” the blog post states. “Advanced understanding of the purchase and movement of vaccines that can impact global health and the economy is likely to be the most important and prioritized issue for the country.”
IBM recommends that companies involved in COVID-19 vaccine storage and distribution “be vigilant and remain highly alert at this time.” The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning urging organizations to review the IBM report.
COVID-19 vaccine research and development has been the target of many cyber attacks this year. In May, the US government accused China of sponsoring and using hacking cells to steal vaccine research from the US and its allies, and in July it fined two Chinese hackers for stealing information from COVID-19 pharmaceutical companies.
Previous Instances Of Cyber Attack
This summer, officials in the US, UK and Canada condemned attacks by a group linked to Russian intelligence services on organizations involved in developing a vaccine. In November, Microsoft detected cyber attacks by hackers in Russia and North Korea on companies with COVID-19 vaccine candidates at various stages of clinical testing.
Several companies, including Pfizer/BioNTech and Moderna, have submitted COVID-19 vaccines to the Food and Drug Administration for review. The FDA's vaccine committee will review the applications by mid-December; if the vaccines are approved, distribution will begin soon afterward. Moderna expects to have a capacity of up to 20 million doses by the end of 2020, while Pfizer could supply up to 25 million.