CATEGORIES
home News

IBM X-Force Discovers Hacker Plot To Disrupt Critical COVID-19 Vaccine Supply Chain

by Nathan OrdSaturday, December 05, 2020, 02:35 PM EDT
hero phishing
In the early days of the COVID-19 pandemic, IBM created a global security task force, called X-Force, dedicated to threat intelligence and analysis for organizations that are part of the vaccine supply chain. The work the task force has put forth has apparently yielded success as the group just announced that it discovered a global phishing campaign targeting COVID-19 "cold chain" organizations. These cold chain orgs are reportedly a vital part of the COVID-19 supply chain as they ensure that vaccines are preserved in cold temperatures so they remain effective.

According to IBM’s X-Force, the phishing campaign began in September of this year, spanning across six countries and several companies. It was presumably targeting people and businesses associated with Gavi, The Vaccine Alliance’s Cold Chain Equipment Optimization Platform (CCEOP) program. The goal of the CCEOP is to “ultimately strengthen vaccine supply chains, optimize immunization equity, and ensure an agile medical response to outbreaks of infectious diseases.”

Example Email From Cold Chain-Targeted Phishing Campaign
Example Email From Cold Chain-Targeted Phishing Campaign From X-Force Report

With this information about Gavi, the attack worked through spear-phishing, where a malicious group impersonated an executive from Haier Biomedical. Haier is involved in the COVID-19 cold chain and is a supplier for the CCEOP program mentioned earlier. Subsequently, “disguised as this employee, the adversary sent phishing emails to organizations believed to be providers of material support to meet transportation needs within the COVID-19 cold chain.” The organizations targets spanned across the energy, manufacturing, website creation and software and internet security solutions sectors throughout Germany, Italy, South Korea, Czech Republic, greater Europe, and Taiwan.

Thankfully, even though the emails could seem legitimate, X-Force’s analysis could not conclude if the phishing campaign was successful. If it were successful, the attackers could have collected a variety of credentials from the targets through the emails sent.

Also, while the analysis was inconclusive, X-Force believes this attack has the “potential hallmarks of nation-state tradecraft.” Thus, we are likely to see more attacks and cybersecurity threats against this area of industry until the COVID-19 supply chain is no longer a worth while target.
Tags:  IBM, security, Phishing, cybersecurity, (NYSE:IBM), covid-19
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment