Security researchers have spotted malicious cyber actors targeting the COVID-19 vaccine cold chain via a global phishing campaign.
The vaccine cold chain is the part of the vaccine supply chain used to safely preserve vaccines via temperature-controlled storage and transportation.
Researchers from IBM X-Force uncovered the global phishing campaign, which started in September 2020.
“The COVID-19 phishing campaign spanned across six countries and targeted organizations likely associated with Gavi, The Vaccine Alliance’s Cold Chain Equipment Optimization Platform (CCEOP) program,” IBM’s X-Force team stated in a recent blog post.
The security experts further explained that the bad actors' targeting of executives and key global organizations carries what they called “the potential hallmarks of nation-state tradecraft.”
Cold Chain targets
In one case, IBM’s Security X-Force observed bad actors impersonating a business executive from Haier Biomedical, a complete biomedical cold chain provider and member of the COVID-19 vaccine supply chain.
“Disguised as this employee, the adversary sent phishing emails to organizations believed to be providers of material support to meet transportation needs within the COVID-19 cold chain,” the IBM security team added.
Moreover, the actors likely aimed to steal credentials in order to gain unauthorized access to the victim organizations’ networks and sensitive information.
According to the report, targets include organizations in Germany, Italy, South Korea, the Czech Republic, greater Europe and Taiwan. Those targets span the energy, manufacturing, website creation, software and internet security solutions sectors.
In addition, adversaries targeted the European Commission’s Directorate-General for Taxation and Customs Union in recent cyber attacks.
High alert warning
X-Force’s security team further urged COVID-19 supply chain companies “to be vigilant and remain on high alert during this time.”
In addition, key supply chain executives in sales, procurement, IT and finance positions should be extra watchful to guard against phishing and social engineering attacks.
These attacks look eerily similar to spear phishing attacks launched earlier this year against the oil and gas sector to drop Agent Tesla malware.
In those attacks, bad actors impersonated an engineering contractor in Egypt (Enppi – Engineering for Petroleum and Process Industries) in order to target multiple energy companies.
Finally, it is no surprise that cybercriminals continue to abuse the COVID-19 pandemic to spread fear and misinformation.
As we have seen through most of 2020, there will likely be more pandemic-based phishing attacks across multiple technology platforms and supply chains.