Large-scale vaccination against COVID-19 has not yet started, but it has already become a target for hackers. IBM security researchers have identified attacks against companies and public agencies that are directly or indirectly related to the so-called cold chain, i.e. the infrastructure needed to keep vaccines refrigerated during transfer and storage.
This is the case with the Pfizer and Moderna vaccines, for example, which must be stored at -70 °C and -20 °C, respectively. According to IBM, the attack effort started in September and focuses on companies close to the GAVI Cold Chain Equipment Optimization Platform (CCEOP), a worldwide organization created to expand access to vaccines.
The campaign had targets in Germany, Italy, the Czech Republic, South Korea and Taiwan. One of these is the General Department of Taxation and the Customs Union of the European Commission, which has the power to reduce taxes on the transport of vaccines between countries within the bloc.
The hackers also targeted solar panel manufacturers, which secure the energy to keep vaccines cool, as well as software and website development companies that provide services to pharmaceutical companies, shipping companies and other cold chain related companies.
“This activity happened in September, meaning someone is looking to go beyond themselves, looking where they need to go at the critical moment,” Claire Zaboeva, senior cyber threat analyst at IBM Security X-Force, told Wired. “This is the first time we’ve seen this level of pre-positioning in the context of a pandemic.”
Hackers use phishing attacks
According to IBM researchers, this malicious campaign was carried out through phishing attacks in which hackers impersonated employees of Haier Biomedical, a Chinese company that claims to be the world’s only complete cold chain supplier. The emails presented what appeared to be a budget request.
The apparent aim is to collect companies’ confidential information in order to gain improper access to systems that hold detailed information about the distribution of vaccines against COVID-19. The messages carry attached HTML files into which representatives of the targeted companies may enter confidential data.
According to the researchers, having the files open locally is a way for the hackers to avoid having their pages taken down if they are discovered by authorities.
IBM could not determine whether any of the attack attempts were successful, nor what the hackers’ exact purpose was. However, as Zaboeva pointed out to Wired, once attackers have access to the information, a number of actions are available to them, such as theft of critical information or destructive attacks.