USA: IBM has urged companies involved in Covid-19 vaccine distribution to be “vigilant” and remain on “high alert” after detecting a global phishing campaign targeting the cold chain.
Analysis by researchers at IBM Security X-Force detected the start of the phishing activity in September. It is said to have spanned six countries and targeted organisations likely associated with Gavi, the Vaccine Alliance’s Cold Chain Equipment Optimisation Platform (CCEOP) programme. While the group has not been able to ascertain the source of this campaign, IBM says the “precision targeting of executives and key global organisations” carries the potential hallmarks of “nation-state tradecraft”.
The adversary impersonated a business executive from Haier Biomedical, a Chinese company currently acting as a qualified supplier for the CCEOP programme. Disguised as this employee, the adversary sent phishing emails to organisations believed to be providers of material support to meet transportation needs within the Covid-19 cold chain.
IBM’s Security X-Force suspects the purpose of this campaign may have been to harvest credentials, possibly to gain future unauthorised access to corporate networks and sensitive information relating to the vaccine distribution.
Targets have included the European Commission’s Directorate-General for Taxation and Customs Union, as well as organisations within the energy, manufacturing, website creation, and software and internet security solutions sectors. These are global organisations headquartered in Germany, Italy, South Korea, Czech Republic, greater Europe and Taiwan.
The US government’s Cybersecurity and Infrastructure Security Agency has issued an alert encouraging organisations associated with the storage and transport of a vaccine to review this research and recommended best practices to remain vigilant.