According to IBM, the global supply chain for the COVID-19 vaccine has been targeted by a cyber espionage campaign; the company has suggested that due to the sophistication of these attacks, the perpetrator could likely be a nation state.
IBM claims that the campaign has been targeting the delivery “cold chain” which is in place to maintain the right temperature of the vaccine supply whilst it is being transported.
The campaign – which IBM believes has been operating since September 2020 – has been sending scam emails out across several countries to target organisations that are linked to the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, the Vaccine Alliance.
The phishing emails – that WatchGuard Technologies predicts will become an even more powerful weapon for cybercriminals throughout 2021 – were sent out by criminals impersonating legitimate business executives to companies involved with CCEOP; they also emailed transportation organisations to try and acquire log-in credentials.
According to the BBC, IBM released the following statement: “Advanced insight into the purchase and movement of a vaccine that can impact life and the global economy is likely a high-value and high-priority nation-state target.
“The precision targeting and nature of the specific targeted organisations potentially point to nation-state activity.
“Without a clear path to a [pay]out, cyber-criminals are unlikely to devote the time and resources required to execute such a calculated operation.”
If cyber-criminals received this information they would have access to clear government plans that could indicate distribution plans for the vaccine – this is an alarming proposition considering the UK is planning to begin vaccinations in December 2020.
IBM says it has notified the organisations that have been targeted.