IBM Security X-Force uncovered a global phishing campaign targeting organizations associated with a COVID-19 cold chain. The cold chain is a component of the vaccine supply chain that ensures the safe preservation of vaccines in temperature-controlled environments during their storage and transportation.

The analysis indicates that this calculated operation started in September 2020. The COVID-19 phishing campaign spanned across six countries and targeted organizations likely associated with Gavi, The Vaccine Alliance’s Cold Chain Equipment Optimization Platform (CCEOP) program.

According to the blog post, the people behind the phishing operation sent emails to the organizations’ executives claiming to be an executive from CCEOP supplier Haier Biomedical. The emails, which purported to request quotations related to CCEOP, contained HTML attachments which asked for the opener’s credentials, which the actor could store and use to gain unauthorized access down the line.

Buy Me A Coffee

“We assess that the purpose of this COVID-19 phishing campaign may have been to harvest credentials, possibly to gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution,” reads the blog post.

It’s not yet clear who’s behind this campaign, but the researchers suspect a nation-state actor rather than a private individual or group. “Without a clear path to a cash-out, cyber criminals are unlikely to devote the time and resources required to execute such a calculated operation with so many interlinked and globally distributed targets,” the blog post reads. “Advanced insight into the purchase and movement of a vaccine that can impact life and the global economy is likely a high-value and high-priority nation-state target.”

24 Bugs in Chinese Biometric Devices Can Compromise Data

IBM recommends that companies involved in COVID-19 vaccine storage and transport “be vigilant and remain on high alert during this time.” The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert encouraging the organizations to review IBM’s report.