IBM security analysts have discovered a global phishing campaign designed to infiltrate organizations associated with managing cold chain supplies of COVID-19 vaccines. The cyber threat analysis suggests this campaign presents the hallmarks of nation-state spycraft but no individual country has so far been implicated in the activity.
In early 2020, recognizing the unique cybersecurity issues posed by a global pandemic, IBM created a dedicated COVID-19 security task force. A branch of its Security X-Force division, this group of cybersecurity analysts focused particularly on the ways hackers may be exploiting the pandemic for novel, targeted scams.
An early discovery from the task force revealed a highly targeted phishing campaign directed at a German corporation tasked with procuring personal protective equipment (PPE). Although the activity was traced back to a Russian-based IP address, the goal of those cyberattacks was unclear, but the analysts hypothesized at the time that it was “highly likely criminal and state-sponsored actors alike will seek to exploit global procurement and supply chains with the intention of either profiting from the crisis or supporting the acquisition activities of their host nation.”
A new blog post authored by IBM X-Force analysts Claire Zaboeva and Melissa Frydrych reports the detection of a calculated phishing campaign targeting organizations affiliated with an international cold chain equipment optimization program. The analysis reveals the phishing activity impersonated an employee from Haier Biomedical, a Chinese company working with several United Nations agencies to create cold chain supply lines for effective COVID-19 vaccine distribution.
“It is highly likely that the adversary strategically chose to impersonate Haier Biomedical because it is purported to be the world’s only complete cold chain provider,” suggest Zaboeva and Frydrych. “We assess that the purpose of this COVID-19 phishing campaign may have been to harvest credentials, possibly to gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution.”
At this stage it is unclear if any of these phishing attempts were successful. In conjunction with the IBM report, the US government’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert to all organizations involved in vaccine distribution urging vigilance in their security practices.
Exactly where this attack originates also remains an open question. IBM is not pointing to any particular country as being responsible at this point, but Zaboeva and Frydrych do make clear the activity bears all the hallmarks of nation-state cyber-activity.
“While attribution is currently unknown, the precision targeting and nature of the specific targeted organizations potentially point to nation-state activity,” write Zaboeva and Frydrych. “Without a clear path to a cash-out, cyber criminals are unlikely to devote the time and resources required to execute such a calculated operation with so many interlinked and globally distributed targets.”
Source: Security Intelligence