|
 The information technology company said in a blog post published on
Thursday that it had uncovered "a global phishing campaign" focused
on organizations associated with the COVID-19 vaccine "cold chain" -
the process needed to keep vaccine doses at extremely cold
temperatures as they travel from manufacturers to people's arms.
The U.S. Cybersecurity and Infrastructure Security Agency reposted
the report, warning members of Operation Warp Speed - the U.S.
government's national vaccine mission - to be on the lookout.
Understanding how to build a secure cold chain is fundamental to
distributing vaccines developed by the likes of Pfizer Inc and
BioNTech SE because the shots need to be stored at minus 70 degrees
Celsius (-94 F) or below to avoid spoiling.
IBM's cybersecurity unit said it had detected an advanced group of
hackers working to gather information about different aspects of the
cold chain, using meticulously crafted booby-trapped emails sent in
the name of an executive with Haier Biomedical, a Chinese cold chain
provider that specializes in vaccine transport and biological sample
storage.
The hackers went through "an exceptional amount of effort," said IBM
analyst Claire Zaboeva, who helped draft the report. Hackers
researched the correct make, model, and pricing of various Haier
refrigeration units, Zaboeva said.
"Whoever put together this campaign was intimately aware of whatever
products were involved in the supply chain to deliver a vaccine for
a global pandemic," she said.
Haier Medical did not return messages seeking comment.
Messages sent to the email addresses used by the hackers were not
returned.
[to top of second column] |
IBM said the bogus Haier emails were sent to around 10 different organizations
but only identified one target by name: the European Commission's
Directorate-General for Taxation and Customs Union, which handles tax and
customs issues across the EU and has helped set rules on the import of vaccines.
Representatives for the directorate-general could not immediately be reached for
comment.
IBM said other targets included companies involved in the manufacture of solar
panels, which are used to power vaccine refrigerators in warm countries, and
petrochemical products that could be used to derive dry ice.
Who is behind the vaccine supply chain espionage campaign isn't clear.
Reuters has previously documented how hackers linked to Iran, Vietnam, North
Korea, South Korea, China, and Russia have on separate occasions been accused by
cybersecurity experts or government officials of trying to steal information
about the virus and its potential treatments.
IBM's Zaboeva said there was no shortage of potential suspects. Figuring out how
to swiftly distribute an economy-saving vaccine "should be topping the lists of
nation states across the world," she said.
(Reporting by Raphael Satter; editing by Grant McCool)
[© 2020 Thomson Reuters. All rights
reserved.] Copyright 2020 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content. |
