IBM is sounding the alarm over hackers targeting companies critical to the distribution of COVID-19 vaccines, a sign that digital spies are turning their attention to the complex logistical work involved in inoculating the world’s population against the novel coronavirus.
The information technology company said in a blog post published on Thursday that it had uncovered “a global phishing campaign” focused on organizations associated with the COVID-19 vaccine “cold chain” – the process needed to keep vaccine doses at extremely cold temperatures as they travel from manufacturers to people’s arms.
The U.S. Cybersecurity and Infrastructure Security Agency reposted the report, warning members of Operation Warp Speed – the U.S. government’s national vaccine mission – to be on the lookout. Understanding how to build a secure cold chain is fundamental to distributing vaccines developed by the likes of Pfizer Inc and BioNTech SE because the shots need to be stored at minus 70 degrees Celsius (-94 F) or below to avoid spoiling.
IBM’s cybersecurity unit said it had detected an advanced group of hackers working to gather information about different aspects of the cold chain, using meticulously crafted booby-trapped emails sent in the name of an executive with Haier Biomedical, a Chinese cold chain provider that specializes in vaccine transport and biological sample storage.
The hackers went through “an exceptional amount of effort,” said IBM analyst Claire Zaboeva, who helped draft the report. Hackers researched the correct make, model, and pricing of various Haier refrigeration units, Zaboeva said.
“Whoever put together this campaign was intimately aware of whatever products were involved in the supply chain to deliver a vaccine for a global pandemic,” she said.
Haier Medical did not return messages seeking comment.
Messages sent to the email addresses used by the hackers were not returned.
IBM said the bogus Haier emails were sent to around 10 different organizations but only identified one target by name: the European Commission’s Directorate-General for Taxation and Customs Union, which handles tax and customs issues across the EU and has helped set rules on the import of vaccines.
