The COVID ‘cold chain’ is now under attack, likely by a nation state, although the identity of the threat actors remains unknown for now, according to an IBM report.
Ever since the start of the research into the COVID-19 pandemic, threat actors have been trying either to hamper the efforts to find a cure or to steal precious research data. Over the course of 2020, numerous attacks directed against pharmaceutical companies and research laboratories have been thwarted, and it looks like this new attempt follows the same lines.
The cold chain is a component of the vaccine supply chain that ensures the safe preservation of vaccines in temperature-controlled environments during their storage and transportation.
Security researchers from IBM discovered a complex phishing campaign directed at the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, the international vaccine alliance, according to a BBC report.
“The adversary impersonated a business executive from Haier Biomedical, a credible and legitimate member company of the COVID-19 vaccine supply chain and qualified supplier for the CCEOP program,” said IBM. “The company is purportedly the world’s only complete cold chain provider. Disguised as this employee, the adversary sent phishing emails to organizations believed to be providers of material support to meet transportation needs within the COVID-19 cold chain.”
The attackers went after the European Commission’s Directorate-General for Taxation and Customs Union, along with organizations within the energy, manufacturing, website creation and software and internet security solutions sectors.
The goal of the attack was to gather credentials that would allow for much wider access to the research and other transport infrastructure data.
“The adversary could gain insight into internal communications, as well as the process, methods and plans to distribute a COVID-19 vaccine. This includes information regarding infrastructure that governments intend to use to distribute a vaccine to the vendors that will be supplying it. However, beyond critical information pertaining to the COVID-19 vaccine, the adversary’s access could extend deeper into victim environments.”
The Cybersecurity and Infrastructure Security Agency (CISA) has already issued a warning regarding possible campaigns using this exact vector, and it’s likely that threat actors will continue to try to gather credentials and research data, if possible.