A coordinated, global network of hackers tried to break into the COVID-19 'cold chain,' which transports vaccines at -94 degrees Fahrenheit

A coordinated, global network of hackers tried to break into the COVID-19 'cold chain,' which transports vaccines at -94 degrees Fahrenheit
An employee of German logistic hardware producer va-Q-tec gets dry ice to fill an ultra-low temperature container to transport vaccination against the coronavirus disease (COVID-19) at the company's headquarters in Wuerzburg, Germany, November 18, 2020.REUTERS/Kai Pfaffenbach
  • IBM security researchers said Thursday they'd detected a coordinated global hacking campaign targeting the COVID-19 vaccine "cold chain."
  • Some COVID-19 vaccines, like the one made by Pfizer, need to be kept at fantastically cold temperatures throughout the supply chain.
  • IBM said it does not yet know who's behind the attacks, but suspects the hackers may be state-backed.
  • The hackers posed as an executive from Haier Biomedical, a real firm involved in the cold chain, IBM said.

Hackers have been trying to break into the supply chain that will help COVID-19 vaccines get delivered at the required deep-freeze temperature, IBM said in a report Thursday.

IBM security researchers found a "global phishing campaign," which it said systematically targeted companies involved in the so-called COVID-19 "cold chain."

COVID-19 vaccines like the one made by Pfizer — which yesterday gained approval from the UK government and will start rolling out shots next week — need to be kept at extraordinarily cold temperatures to remain viable. Pfizer's vaccine needs to be kept at -94 degrees Fahrenheit, and has to be transported in a special briefcase filled with dry ice.

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

Phishing attacks are when hackers send a message to the target trying to obtain sensitive information, such as passwords, by posing as someone else. In this case, the hackers targeted executives across a range of groups associated with the The Cold Chain Equipment Optimization Platform (CCEOP) program, which was launched by the Vaccine Alliance and UNICEF.

The emails claimed to be from an executive at Haier Biomedical, a real partner of the CCEOP program, and targeted companies involved in the transport of future COVID-19 vaccines.


The emails both asked for credentials and contained lines of malicious code. "It is highly likely that the adversary strategically chose to impersonate Haier Biomedical because it is purported to be the world's only complete cold chain provider," IBM noted.

Read more: Inside Moderna's historic coronavirus vaccine program that transformed the biotech upstart into a $57 billion drug industry powerhouse

IBM said the campaign started in September 2020 and covered six countries, including Germany, Italy, and South Korea.

"While firm attribution could not be established for this campaign, the precision targeting of executives and key global organizations hold the potential hallmarks of nation-state tradecraft," IBM said. It also said its analysis didn't show whether the attacks were successful.

This isn't the first time researchers have found hackers targeting the COVID-19 vaccine. Microsoft announced in November it had detected efforts from North Korea and Russia-backed hackers to infiltrate the systems of COVID-19 vaccine-makers.