IBM has exposed a global phishing campaign targeting organisations associated with a COVID-19 Vaccine cold chain.

The multinational tech and consulting business found that the cyber operation started in September 2020 and spanned across six countries.

The cold chain is a component of the vaccine supply chain that safely preserves vaccines in temperature-controlled environments during storage and transportation.

IBM Security X-force established a threat intelligence task force at the onset of the pandemic to track down COVID-19 cyber threats against organisations that are keeping the vaccine supply chain moving.

IBM said that the international phishing campaign targeted organisations likely associated with Gavi, The Vaccine Alliance’s Cold Chain Equipment Optimisation Platform (CCEOP) programme.

The CCEOP was launched by Gavi, The Vaccine Alliance along with the United Nations Children Fund (UNICEF) and other partners in 2015. Its objective is to ultimately strengthen vaccine supply chains, optimise immunisation equity and ensure an agile medical response to outbreaks of infectious diseases.

Claire Zaboeva, senior strategic cyber threat analyst at IBM, warned that while firm attribution could not be established for this campaign “the precision targeting of executives and key global organisations hold the potential hallmarks of nation-state tradecraft.”

IBM has urged companies in the COVID-19 supply chain, from research of therapies, healthcare delivery to distribution of a vaccine, to be vigilant and remain on high alert during this time.

It said that governments have already warned that foreign entities are likely to attempt to conduct cyber espionage to steal information about vaccines.

According to IBM’s research the spoofed phishing emails appear to originate from a business executive from Haier Biomedical, a Chinese company currently acting as a qualified supplier for the CCEOP program, in coordination with the World Health Organization (WHO), UNICEF and other U.N. agencies.

It is highly likely that the adversary strategically chose to impersonate Haier Biomedical because it is purported to be the world’s only complete cold chain provider.

Share Story: