aum, posted December 3, 2020

Tech firm IBM says it has uncovered global phishing campaign with hallmarks of being state-backed

A global phishing campaign targeting organisations working on the “cold chain” for Covid vaccines has been uncovered by researchers at IBM, who say it bears the marks of a nation-state attack.

From September 2020, organisations across six countries were sent emails purporting to be from Haier Biomedical, a member company of a long-running Unicef programme that aims to strengthen vaccine supply chains. Those emails contained malicious attachments which, when opened, displayed a request for security credentials under the guise of being encrypted files.

IBM “urges companies in the Covid-19 supply chain – from research of therapies, healthcare delivery to distribution of a vaccine – to be vigilant and remain on high alert during this time,” said Claire Zaboeva, a threat analyst at the company’s X-Force cybersecurity division. “Governments have already warned that foreign entities are likely to attempt to conduct cyber espionage to steal information about vaccines.”

Based on IBM’s findings, the Cybersecurity and Infrastructure Security Agency (Cisa) of the US Department of Homeland Security issued its own warning, encouraging “all organisations involved in vaccine storage and transport to harden attack surfaces, particularly in cold storage operation, and remain vigilant against all activity in this space,” said Josh Corman, Cisa’s chief strategist for healthcare.

The vaccine “cold chain” is the logistics network that allows for vaccines to be transported from their site of manufacture to primary care clinics around the world without warming from the cold temperatures required for their efficacy. It is particularly important for Pfizer’s Covid-19 vaccine, which on Wednesday became the first to be approved by the UK. That vaccine needs to be kept at temperatures as low as -80C for long-term storage, though it can spend up to a week at temperatures closer to a conventional fridge.

In order to coordinate the huge logistical challenge of producing, shipping and administering the vaccine, Unicef and vaccination partnership Gavi, working through a programme launched in 2015 called the Cold Chain Equipment Optimisation Platform (CCEOP), have been bringing together private and public sector organisations from around the world to accelerate efforts.

The phishing attack identified by IBM comes after it emerged that intelligence organisations had begun to notice that hostile-state hackers from countries such as Russia, China, Iran and North Korea have shifted their targeting of coronavirus secrets away from the vaccines themselves and towards trial results and methods of mass production.

A particular focus is how vaccines like Pfizer and BioNTech’s can be manufactured and distributed, intelligence sources add, with hostile states seeking to steal vaccine secrets so they can potentially copy Western processes for themselves.

Britain’s National Cyber Security Centre is warning organisations to be vigilant, particularly from the type of spear phishing attack cited by IBM, in which employees of a company in the Covid supply chain are targeted with carefully crafted emails from an apparently plausible person, designed to persuade people to click on a malicious link disguised as a news story, a job offer or something similar.

It was CCEOP members, including the European commission’s Directorate-General for Taxation and Customs Union, and other global organisations headquartered in South Korea, Taiwan, Italy and elsewhere, who were targeted by the phishing campaign. The phishing emails, purportedly from China’s Haier Biomedical, “were sent to select executives in sales, procurement, information technology and finance positions,” according to Zaboeva.

Attribution of hacking campaigns is notoriously difficult, frequently relying on techniques such as re-use of tactics from previous campaigns rather than hard forensic evidence, but Zaboeva says that a nation state may be behind the attacks. “The precision targeting and nature of the specific targeted organisations potentially point to nation-state activity.”

“Without a clear path to a cash-out, cybercriminals are unlikely to devote the time and resources required to execute such a calculated operation with so many interlinked and globally distributed targets,” she added. “Likewise, insight into the transport of a vaccine may present a hot black-market commodity, however, advanced insight into the purchase and movement of a vaccine that can impact life and the global economy is likely a high value and high priority nation-state target.”

Information about Covid vaccine projects has come under attack from hackers before. Just last month, Reuters reported that suspected North Korean hackers had tried to break into the systems of AstraZeneca. “The hackers posed as recruiters on networking site LinkedIn and WhatsApp to approach AstraZeneca staff with fake job offers,” Reuters reported, and “sent documents purporting to be job descriptions that were laced with malicious code designed to gain access to a victim’s computer”.

The attempt spanned six countries linked to the cold chain equipment optimisation platform (CCEOP) of Gavi, the international vaccine alliance that helps distribute jabs to some of the world’s poorest countries.

“Given the specialisation and global distribution of organisations targeted in this campaign, it’s highly likely that the adversary is intimately aware of critical components and participants of the cold chain,” IBM said.

The Pfizer-BioNTech vaccine, set to roll out in the UK from next week, was not a specific target of this incident. Those affected and authorities have been notified of the operation.

Karlston, posted December 3, 2020

Moved from General News.