COVID Vaccine Supply Chain Targeted By Hackers
Precision Target and Organization Setting Suggests That Attack Was a Nation-State Activity
According to the management consulting firm IBM, the international coronavirus vaccine supply chain has been targeted by hackers in a cyber-espionage. The firm was able to trace an operation that was aimed at the cold chain management that used to keep the required reduced temperature for the coronavirus vaccine to not be denatured during transportation.
IBM workers were unable to identify the people behind the cyber-espionage on the COVID-19 vaccine supply chain, but the level of sophistication and complexity used during the attack suggests that the attacks are possible from a nation-state. This attack has been a follow-up for the multiple warning from governments of countries, including the United Kingdom that is targeting several different aspects of the undergoing research regarding the development of a viable coronavirus vaccine.
Exploitation through email
IBM believes that the campaign for the attack on the vaccine supply chain was initiated during the month of September 2020. Some of the initial workings by the covert organization includes sending phishing emails that were sent to at least six nations involved in the vaccine supply chain process, that later targeted corporations that have some link to the Cold Chain Equipment Optimization Platform of Gavi, the organization which is an international vaccine alliance formed to develop a viable coronavirus antidote to limit further transmission of the deadly infection.
The partners of Gavi are the Bill & Melinda Gates Foundation, the World Bank, UNICEF, and the World Health Organization. These organizations play a very major role in the distribution process of vaccines across the world to some of the most underdeveloped countries and regions that require assistance. As some of the antidotes could denature if not placed at the right temperature during the vaccine supply chain, the facility of cold chain temperature management is acquired.
Acquiring login details through malicious codes
The coronavirus vaccine developed by the joint collaboration of Pfizer and BioNTech requires to be kept at the same cold temperature of around -70C during the vaccine supply chain, or it could alter the molecular structure due to which it would not be able to work properly.
For the precise attack on the vaccine supply chain, the attacking party was able to impersonate as an executive from a legitimate firm from China that has been previously involved with the CCEOP’s vaccine cold chain transport and management, making it more likely for the targets to be engaged in the email.
Later, the hackers sent phishing emails to the transportation company, which gains login credentials and passcode when interacted with the malicious email. The login identification from the organization allowed the cyber-terrorists to have an understanding of the infrastructure that the government is looking forward to using for the distribution of the coronavirus vaccine supply chain.
After a thorough and advanced awareness on the movement and purchase of a vaccination that could possibly alter the impact over the general population along with the global economic recession, it is likely to be of increased value and a possible high preferential nation-state viable target.
According to IBM, a wider target for the vaccine supply chain included the corporations that are involved in the production of solar panels, which could be used generally for keeping the right required temperature during the vaccine cold chain is placed where the electric power supply is not reliable.
A South Korean software developing firm was targeted along with a website development company from Germany that is in support of those clients that are in association with pharmaceutical manufacturing companies and container transportation.
The entire campaign for the vaccine supply chain target was found out by a security team that was previously set up at the start of this year to track down cyber threats related to the COVID-19 infection. The methods used by the cyber-espionage, including precision targeting and specific organizations, clearly suggest that the attack was a nation-state action.