A coordinated, global network of hackers tried to break into the COVID-19 'cold chain,' which transports vaccines at -94 degrees Fahrenheit

Advertisement
A coordinated, global network of hackers tried to break into the COVID-19 'cold chain,' which transports vaccines at -94 degrees Fahrenheit
An employee of German logistic hardware producer va-Q-tec gets dry ice to fill an ultra-low temperature container to transport vaccination against the coronavirus disease (COVID-19) at the company's headquarters in Wuerzburg, Germany, November 18, 2020.REUTERS/Kai Pfaffenbach
  • IBM security researchers said Thursday they'd detected a coordinated global hacking campaign targeting the COVID-19 vaccine "cold chain."
  • Some COVID-19 vaccines, like the one made by Pfizer, need to be kept at fantastically cold temperatures throughout the supply chain.
  • IBM said it does not yet know who's behind the attacks, but suspects the hackers may be state-backed.
  • The hackers posed as an executive from Haier Biomedical, a real firm involved in the cold chain, IBM said.

Hackers have been trying to break into the supply chain that will help COVID-19 vaccines get delivered at the required deep-freeze temperature, IBM said in a report Thursday.

IBM security researchers found a "global phishing campaign," which it said systematically targeted companies involved in the so-called COVID-19 "cold chain."

COVID-19 vaccines like the one made by Pfizer — which yesterday gained approval from the UK government and will start rolling out shots next week — need to be kept at extraordinarily cold temperatures to remain viable. Pfizer's vaccine needs to be kept at -94 degrees Fahrenheit, and has to be transported in a special briefcase filled with dry ice.

Advertisement

Phishing attacks are when hackers send a message to the target trying to obtain sensitive information, such as passwords, by posing as someone else. In this case, the hackers targeted executives across a range of groups associated with the The Cold Chain Equipment Optimization Platform (CCEOP) program, which was launched by the Vaccine Alliance and UNICEF.

The emails claimed to be from an executive at Haier Biomedical, a real partner of the CCEOP program, and targeted companies involved in the transport of future COVID-19 vaccines.

The emails both asked for credentials and contained lines of malicious code. "It is highly likely that the adversary strategically chose to impersonate Haier Biomedical because it is purported to be the world's only complete cold chain provider," IBM noted.

Advertisement

Read more: Inside Moderna's historic coronavirus vaccine program that transformed the biotech upstart into a $57 billion drug industry powerhouse

IBM said the campaign started in September 2020 and covered six countries, including Germany, Italy, and South Korea.

"While firm attribution could not be established for this campaign, the precision targeting of executives and key global organizations hold the potential hallmarks of nation-state tradecraft," IBM said. It also said its analysis didn't show whether the attacks were successful.

Advertisement

This isn't the first time researchers have found hackers targeting the COVID-19 vaccine. Microsoft announced in November it had detected efforts from North Korea and Russia-backed hackers to infiltrate the systems of COVID-19 vaccine-makers.

{{}}