Mysterious Cyber Group Attacks COVID-19 Vaccine Supply Chain

IBM X-Force specialists have detected an active malicious campaign: an unidentified cyber group is attacking the COVID-19 vaccine supply chain. The attacks target selected organizations that are in one way or another involved in the storage and transportation of vaccines.

Experts were unable to link the campaign to any particular cybercriminal group, but they did identify the hallmarks of government-funded hackers.

Let me remind you that cybercriminals also attacked COVID-19 vaccine developers.

During the attacks, the cybercriminals send phishing emails to their victims in order to steal their credentials for e-mail and other applications.

“Cybercriminals have attacked a wide range of companies, sectors and government agencies, including the European Commission’s Directorate General for Taxation and Customs Union, which oversees the movement of goods across borders, including medical supplies,” say IBM X-Force researchers.

The attackers also targeted a manufacturer of solar panels for the transport refrigerators that carry vaccines, and a petrochemical company that makes the dry ice used to transport vaccines.

Another victim of the group is an IT company in Germany that creates websites for pharmaceutical manufacturers, carriers, biotech companies and manufacturers of electrical components for sea, land and air navigation and communications.

The attackers target selected leaders of each company.

“These are usually people working in the sales, purchasing, IT and finance departments involved in the so-called cold supply chain – transporting vaccines at the required temperature,” experts from IBM X-Force report.

Typically, cybercriminals send an email to the victim, allegedly on behalf of the Chinese company Haier Biomedical, which is an official member of the UN Cold Chain Equipment Optimization Platform (CCEOP) program. The phishing emails are disguised as CCEOP-related RFQs.

The emails contain malicious HTML files that the user must download and open locally on their computer. Once opened, the file asks the victim for credentials, supposedly in order to view its contents. This approach frees the attackers from having to create online phishing pages that can be detected by security researchers or law enforcement agencies.

The victims of cybercriminals were organizations not only in Germany, but also in Italy, the Czech Republic and other European countries, South Korea and Taiwan.

Recall also that in Brazil, the data of 16 million COVID-19 patients became public.

About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
