IBM, the American technology and consulting firm, is sounding the alarm about hackers targeting businesses that are vital to the delivery of COVID-19 vaccines, a warning that digital spies are turning their attention to the complicated logistical work involved in vaccinating the world’s population against the coronavirus.
In a blog post, the company said it had uncovered a “global phishing campaign focused on organizations affiliated with the COVID-19 vaccine’s “cold chain,” which is the process required to preserve vaccine doses at extremely cold temperatures as they travel from producers to the arms of people.
The US Cybersecurity and Infrastructure Security Agency reposted the report, warning members of Operation Warp Speed, the US government’s national vaccine mission, to be on the lookout.
To deliver vaccines developed by the likes of Pfizer and BioNTech, understanding how to create a safe cold chain is important because the shots need to be stored at or below minus 70 degrees Celsius (-94 F) to prevent damage.
The cybersecurity unit of IBM said it had identified an advanced group of hackers working to collect information about various aspects of the cold chain, using meticulously designed emails sent in the name of an executive from Haier Biomedical, a Chinese cold chain provider specializing in the transport of vaccines and biological sample storage.
The hackers went through “an exceptional amount of effort,” said IBM analyst Claire Zaboeva, who helped draft the report. Hackers researched the correct make, model and pricing of various Haier refrigeration units, Zaboeva said.
“Whoever put together this campaign was intimately aware of whatever products were involved in the supply chain to deliver a vaccine for a global pandemic,” she said.
Haier Medical did not offer any comments.
IBM reported that the fake Haier emails were sent to about 10 different organizations, but only one target was listed by name – the Directorate-General for Taxation and Customs Union of the European Commission, which deals with tax and customs issues across the EU and has helped to develop rules on vaccine imports.
IBM said other targets included companies involved in the manufacture of solar panels, which are used to power vaccine refrigerators in warm countries, and petrochemical products that could be used to derive dry ice. Who is behind the vaccine supply chain espionage campaign isn’t clear.
Earlier reports had suggested how hackers linked to Iran, Vietnam, North Korea, South Korea, China and Russia have on separate occasions been accused by cybersecurity experts or government officials of trying to steal information about the virus and its potential treatments.
IBM’s Ms. Zaboeva said there was no shortage of potential suspects. Figuring out how to swiftly distribute an economy-saving vaccine “should be topping the lists of nation states across the world,” she said.