The COVID ‘cold chain’ is now under attack, likely by a nation state, although the identity of the threat actors remains unknown, according to an IBM report.
Since research into the pandemic began, threat actors have been trying either to hamper efforts to find a cure or to steal precious research data. Over the course of 2020, numerous attacks on pharmaceutical companies and research laboratories have been thwarted, and it looks like this new attempt follows the same lines.
The cold chain is a component of the vaccine supply chain that preserves vaccines in temperature-controlled environments during storage and transportation.
Security researchers from IBM discovered a complex phishing campaign directed at the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, the international vaccine alliance, according to a BBC report.
“The adversary impersonated a business executive from Haier Biomedical, a credible and legitimate member company of the COVID-19 vaccine supply chain and qualified supplier for the CCEOP program,” said IBM. “The company is purportedly the world’s only complete cold chain provider. Disguised as this employee, the adversary sent phishing emails to organizations believed to be providers of material support to meet transportation needs within the COVID-19 cold chain.”
The attackers went after the European Commission’s Directorate-General for Taxation and Customs Union, along with organizations within the energy, manufacturing, website creation and software and internet security solutions sectors.
The goal of the attack was to gather credentials that would allow much wider access to the research and other transport infrastructure data.
“The adversary could gain insight into internal communications, as well as the process, methods and plans to distribute a COVID-19 vaccine,” according to the report. “This includes information regarding infrastructure that governments intend to use to distribute a vaccine to the vendors that will be supplying it. However, beyond critical information pertaining to the COVID-19 vaccine, the adversary’s access could extend deeper into victim environments.”
The Cybersecurity and Infrastructure Security Agency (CISA) has already warned of possible campaigns using this exact vector, and the threat actors will likely continue to try to gather credentials and research data.