Latest News

December 3, 2020

With Pfizer and Moderna announcing promising results from their COVID-19 vaccine trials, countries face a new challenge when it comes to widespread distribution of these effective vaccines: the cold chain. These vaccines require a cold chain, meaning a temperature-controlled supply chain that maintains the desired temperature range throughout distribution. New research from IBM Security X-Force reveals that the cold chain is being targeted in a precision phishing campaign. 

IBM Security X-Force published threat research disclosing the discovery of a highly-targeted operation against the COVID-19 vaccine cold chain supporting the Gavi Alliance and UNICEF's efforts to safely transport a vaccine to underdeveloped regions. These regions also rely on external aid to store their vaccines in temperature-controlled environments. This campaign has the hallmarks of a state-sponsored attack.

Some of the elements detailed in IBM's research include: 

• Attackers impersonated a key individual from a Chinese biomedical company to conduct spear-phishing attacks against global organizations that provide material support to the cold chain. 
• Credential harvesting attempts against global organizations in at least six countries to access sensitive information pertaining to the vaccine transport and distribution.

The entities involved in this targeting are meticulously interlinked, warranting significant resources and time from the adversary to execute this campaign. IBM is putting out this research to alert the broader COVID-19 supply chain. To learn more about the campaign, read the full post on SecurityIntelligence.com.