Attacks by unknown attackers since September have sought to compromise on “selected executives in sales, purchasing, IT and financial positions” in organizations responsible for delivering vaccines under appropriate temperature-controlled conditions, IBM said in a blog post.
The Department of Homeland Security’s Cyber Security and Infrastructure Security Agency issued its own warning on Thursday citing IBM’s findings.
As the head of Haier Biomedical – a real participant in the Covid-19 vaccine – the hackers sent emails to the EU’s Directorate-General for Taxation and Customs Union and organizations in the energy, manufacturing and software sectors, IBM said. The emails were written to look like requests for quotations to potential participants in the vaccine program.
These so-called spear emails were designed to trick victims into selling their username and password, which could have given attackers more access to information about the vaccine, its development and distribution.
It is not clear what the motives of the attackers were, IBM said. Nor is it clear who might be responsible for the attacks. But IBM says state-sponsored hackers should not be excluded based on the type of targets involved.
“Detailed insight into the purchase and movement of vaccines that affect life and the global economy is likely to be a high-value and high-priority nation-state target,” IBM said.
Earlier this year, a similar hacking campaign targeted the global supply chain for personal protective equipment, IBM added.