By Frank Bajak

IBM security researchers say they have detected a cyberespionage effort using targeted phishing emails to try to collect vital information on the World Health Organization's initiative for distributing COVID-19 vaccine to developing countries.

The researchers said they could not be sure who was behind the campaign, which began in September, or if it was successful. But the precision targeting and careful efforts to leave no tracks bore "the potential hallmarks of nation-state tradecraft,” they said in a blog post on Thursday.

The campaign’s targets, in countries including Germany, Italy, South Korea, and Taiwan, are likely associated with the development of the “cold chain” needed to ensure coronavirus vaccines get the nonstop sterile refrigeration they need to be effective for the nearly 3 billion people who live where temperature-controlled storage is insufficient, IBM said.

“Think of it as the bloodline that will be supplying the most vital vaccines globally," said Claire Zaboeva, an IBM analyst involved in the detection.

The U.S. Cybersecurity and Infrastructure Security Agency later issued an advisory encouraging Operation Warp Speed, the Trump administration’s vaccine program, and other organizations involved in vaccine storage and transport, to review IBM’s findings.

Whoever is behind the operation could be motivated by a desire to learn how the vaccines are best able to be shipped and stored — the entire refrigeration process — in order to copy it, said Nick Rossmann, the IBM team’s global threat intelligence lead. Or they might want to be able to undermine a vaccine’s legitimacy or launch a disruptive or destructive attack, he added.

In the ploy, executives with groups likely associated with the initiative known as Covax — created by the Gavi Vaccine Alliance, the World Health Organization, and other U.N. agencies — were sent spoofed emails appearing to come from an executive of Haier Biomedical, a Chinese company considered the world's main cold-chain supplier, the analyst said.

The phishing emails had malicious attachments that prompted recipients to enter credentials that could have been used to harvest sensitive information about partners vital to the vaccine-delivery platform.

Targets included the European Commission’s Directorate-General for Taxation and Customs Union and companies that make solar panels for powering portable vaccine refrigerators. Other targets were petrochemical companies, likely because they produce dry ice, which is used in the cold chain, Zaboeva said.

The EU agency has been busy revising new import and export regimes for coronavirus vaccines and would be a gold mine for hackers seeking stepping stones into partnering organizations, she said.

Covax has struggled to raise enough money to compete for vaccine contracts against the world’s wealthiest nations in the race to secure doses as fast as they can be produced. But the UN and Gavi have invested millions in cold-chain equipment across Africa and Asia. The investment, in the works well before the pandemic, was accelerated to prepare for an eventual global rollout of coronavirus vaccines.

Whoever was behind the phishing operation likely sought “advanced insight into the purchase and movement of a vaccine that can impact life and the global economy,” the blog post said. Coronavirus vaccines will be one of the world’s most sought-after products as they are distributed, so theft may also be a danger.

Last month, Microsoft said it had detected mostly unsuccessful attempts by state-backed Russian and North Korean hackers to steal data from leading pharmaceutical companies and vaccine researchers. It gave no information on how many succeeded or how serious those breaches were. Chinese state-backed hackers have also targeted vaccine makers, the U.S. government said in announcing criminal charges in July.

Microsoft said most of the targets — located in Canada, France, India, South Korea, and the United States — were researching vaccines and COVID-19 treatments. It did not name the targets.

On Wednesday, Britain became the first to country to authorize a rigorously tested COVID-19 vaccine, the one developed by American drugmaker Pfizer and Germany's BioNTech.

Other countries aren’t far behind: Regulators not only in the U.S. but in the European Union and Canada also are vetting the Pfizer vaccine along with a shot made by Moderna Inc. British and Canadian regulators are also considering a vaccine made by AstraZeneca and Oxford University.

The logistical challenges of distributing vaccines globally are huge. The Pfizer-BioNTech one must be stored and shipped at ultra-cold temperatures of around minus 70 degrees Celsius (minus 94 degrees Fahrenheit).

___

Associated Press writer Lori Hinnant in Paris contributed to this report.

Share:
More In Culture
Having a Feral Girl Summer With Spotify 2022 Summer Song Playlist
Spotify has announced its official Songs of the Summer predictions. Lea Palmieri, a Spotify trend expert and podcast host, joined Cheddar News to break down the acts who made the cut and how. “It's a mix of streaming data charts and also our global curation team," she said. "They're keeping an eye on all of the hottest music." While Harry Styles has recently topped the Spotify charts, Palmieri also addressed the "Feral Girl Summer" trend, which she described as going "moderately wild, having fun, enjoying yourself."
Recapping the 75th Annual Tony Awards
The Tony Awards made its sensational return to Radio City Music Hal for the first time since 2019. 'A Strange Loop' stole the show, winning Best Musical while Adrianna Debose hosted in the most spectacular way possible. Cheddar News was joined by Broadway Reporter Leigh Scheps to break down the 75th Annual Tony Awards.
U.S. Stocks Close at Session Lows
U.S. stocks closed Thursday at their lowest levels of the trading day, as investors continue to eye inflation ahead of the May CPI report out Friday. Art Hogan, Chief Market Strategist for National Holdings, joins Cheddar News' Closing Bell to discuss.
U.S. Stocks Close at Session Lows Following High May Inflation Data
U.S. stocks closed Friday at session lows after May CPI data showed inflation in the U.S. has not peaked and is still rising rapidly. For the week, the S&P fell 5.06%, the Dow lost 4.58%, and the Nasdaq dropped 5.60%, marking the worst week since January for all three major indexes. Mike Zigmont, Head of Trading and Research at Harvest Volatility Management, joins Cheddar News' Closing Bell to discuss.
Christie’s to Offer Rare 'Legacy of the GOAT' Michael Jordan Memorabilia
Auction house Christie's will be presenting "Legacy of the GOAT," which will include a rare Michael Jordan signed rookie card and sneakers. Caitlin Donovan, the vice president of Christie's handbags and accessories department. joined Cheddar News to discuss the special memorabilia selection for the NBA great. "He's been a global phenomenon, so he's really shaped '90s culture and streetwear culture," she said. "And we see bidders from every pocket in the world."
The Second Annual 'Catch a Clean Wave' Initiative
Kona Brewing Co., pro surfer Anna Gudauskus, and surf photographer Sarah Lee are embarking on an 1,500+ mile beach cleanup down the East Coast. Gudauskus and Lee join Cheddar News to discuss the initiative.
MLK Jr. Grandaughter Yolanda Renee King on the March For Our Lives Return to DC
March For Our Lives will be returning this weekend to Washington, DC, in the wake of the recent mass shooting seen throughout the country. Marchers include Yolanda Renee King, the only granddaughter of Martin Luther King Jr. She joined Cheddar News to discuss the importance of the march and activism in general. "I just think that it's so important to have these rallies because we need to demand to our leaders and politicians that they pass legislation and that and we actually need to see action," she said.
Load More