IBM: Global phishing campaign targets Covid-19 vaccine supply chain

3 Dec 2020

Image: © arcyto/

IBM has uncovered evidence of a global phishing campaign targeting organisations associated with the cold storage of Covid-19 vaccines.

A global effort to disrupt the shipping of some Covid-19 vaccines has been preparing for months, according to IBM. In a blog post, the company’s senior strategic cyberthreat analyst, Claire Zabovea, said the international operation is specifically targeting organisations associated with a Covid-19 cold chain.

The cold chain is a component of the vaccine supply chain that ensures the safe preservation of vaccines in temperature-controlled environments during their storage and transportation.

The Pfizer and BioNTech vaccine, for example, needs to be stored at a temperature of minus-70 degrees Celsius. The companies recently said they have developed specially designed, temperature-controlled thermal containers that use dry ice to ship the vaccine.

However, according to IBM’s investigation, a phishing campaign spanning six countries began in September 2020 and is targeting organisations likely associated with Gavi, the Vaccine Alliance’s cold chain equipment optimisation platform (CCEOP).

The IBM Security X-Force team claims that whoever is behind the campaign impersonated a business executive from Haier Biomedical, a Chinese member company of the Covid-19 vaccine supply chain and qualified supplier for the CCEOP programme.

Pretending to be this business executive, the adversary sent phishing emails to organisations believed to be providers of material support for transportation within the Covid-19 cold chain.

Target organisations included the European Commission’s Directorate-General for Taxation and Customs Union, as well as organisations within the sectors of energy, manufacturing, website creation and software, and internet security solutions.

Targets and who is sending them

IBM believes whoever is behind the campaign chose to impersonate Haier Biomedical because it is purported to be the world’s only complete cold chain provider. While it is still unknown who is behind the campaign, IBM believes the complexity of the scheme suggests it being backed by a nation-state operation.

“Advanced insight into the purchase and movement of a vaccine that can impact life and the global economy is likely a high-value and high-priority nation-state target,” Zabovea wrote.

It is not known how effective the campaign was in extracting information from targets, and Haier Biomedical did not respond to Reuters’ request for comment while representatives for the directorate-general could not be reached.

As for the campaign’s purpose, IBM said it may have been to harvest credentials to gain future unauthorised access. From there, the adversary could gain insight into internal communications, as well as the process, methods and plans to distribute a Covid-19 vaccine.

Zabovea said: “Moving laterally through networks and remaining there in stealth would allow them to conduct cyberespionage and collect additional confidential information from the victim environments for future operations.”

Colm Gorey was a senior journalist with Silicon Republic