On Wednesday, IBM reported that its cyber-security unit has discovered more digital attacks targeting the global COVID-19 vaccine supply chain since the problem was first reported late last year.
IBM Security X-Force has now revealed that the number of organizations affected has increased since the previous evaluation. A total of 44 organizations from 14 countries were singled out for attack. The targeted companies are key organizations involved in transportation, warehousing, storage, and distribution in Europe, North America, South America, Africa, and Asia.
The threat actor began sending spear-phishing emails in early September 2020, before any COVID-19 vaccine variant was approved, in order to pre-position themselves in the evolving infrastructure. The emails requested quotes for the Cold Chain Equipment Optimization Platform (CCEOP) program and mentioned Haier Biomedical products used for storage and transportation of vaccines.
IBM, which has identified 50 files associated with the attacks, states that the threat actor has excellent knowledge of the cold chain. Spear-phishing emails impersonating the executive from the Chinese biomedical firm Haier Biomedical were extensively used in the attacks.
IBM stated that “While our previous reporting featured direct targeting of supranational organizations, the energy and IT sectors across six nations, we believe this expansion to be consistent with the established attack pattern, and the campaign remains a deliberate and calculated threat.”
The attacks used HTML files that included references to solar panel manufacturers and petrochemical companies. Around eight distinct organizations in the aviation, aerospace, shipping, and transportation services industries, as well as biomedical research, medical manufacturing, pharmaceuticals, and hygiene services, were hit by the attackers. Six companies in web-hosting, software creation, IT operations and outsourcing, and online platform provisioning were also affected.
Government agencies (involved in the import/export of special products, transportation, and public health), as well as establishments in the refrigeration and metal manufacturing industries, were targeted, according to IBM.
According to IBM security analysts, the attackers were attempting to gain access to the COVID-19 vaccine cold chain for espionage purposes, including information on national Advance Market Commitment (AMC) agreements, distribution timetables, collection or duplication of the electronic documents, and warehousing technical requirements.
“While clear attribution remains presently unavailable, the rise of ‘vaccine nationalism’ and increased global competition surrounding access to vaccines suggests the higher likelihood of a nation-state operation,” IBM added.