A cyber espionage campaign targeted at companies vital to the distribution of COVID-19 vaccines has been detected.
According to an alert issued by the US government and a research blog published by IBM, the hacking campaign started in September.
It targeted a range of organisations, including in government and across the energy and IT sectors, that are associated with the COVID-19 ‘cold supply’ chain.
Although it is not clear whether the sophisticated phishing emails were successful, IBM warned that the campaign bore “the potential hallmarks of nation-state tradecraft”.
The emails were sent to 10 organisations, including the European Commission’s Directorate-General for Taxation and Customs Union, which handles tax and customs issues across the EU.
Claire Zaboeva, an IBM analyst involved in the detection, told Associated Press that the EU agency – which is revising import and export regimes for vaccines – “would be a gold mine” for hackers seeking to access other organisations.
The hackers have sent emails impersonating a business executive from the Chinese company Haier Biomedical, which is “a credible and legitimate member company of the COVID-19 vaccine supply chain” according to IBM.
The intention of the campaign was to harvest credentials, “possibly to gain future unauthorised access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution”.