Hackers targeted Covid-19 vaccine 'cold supply' chain network

3 December 2020, 12:14 | Updated: 3 December 2020, 14:56

The cyber attack targeted the vaccine 'cold chain'. Picture: PA

By Maddie Goodfellow

Hackers have targeted companies vital to the 'cold chain' distribution of the Covid-19 vaccine.

According to an alert issued by the US government and a research blog published by IBM, the campaign to attack the companies started in September.

Organisations associated with the 'cold chain' including governments, energy companies and the IT sector have all been targeted.

The 'cold chain' is an essential part of distributing the vaccine manufactured by Pfizer/BioNTech, which was approved for use in the UK on Tuesday, as it needs to be stored at -70C to avoid spoiling before being administered.

Although it has not been announced if the sophisticated phishing emails were successful, IBM warned that the campaign bore "the potential hallmarks of nation-state tradecraft" rather than an attack by cyber criminals.

"Without a clear path to a cash-out, cyber criminals are unlikely to devote the time and resources required to execute such a calculated operation with so many interlinked and globally distributed targets," said IBM.

The emails were sent to 10 organisations, including the European Commission's Directorate-General for Taxation and Customs Union, which handles tax and customs issues across the EU, a South Korean software-development company and a German website-development company.

Claire Zaboeva, an IBM analyst involved in the detection, said the agency "would be a gold mine" for hackers seeking to access other organisations.

The hackers sent phishing emails impersonating a business executive from the Chinese company Haier Biomedical, which is "a credible and legitimate member company of the COVID-19 vaccine supply chain" according to IBM.

The intention of the campaign "was to harvest credentials possibly to gain future unauthorised access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution", IBM said.

IBM says it has notified those targeted as well as law-enforcement authorities.

The US's Cybersecurity and Infrastructure Security Agency (Cisa) has issued an alert encouraging organisations associated with the storage and transport of a vaccine to be on guard for the kind of attacks linked to IBM's report.

It comes after the UK warned Russian intelligence had targeted UK vaccine research, including at Oxford, back in July.

The US also warned of Chinese hacking, while, more recently, Microsoft said it had seen North Korean and Russian hackers targeting vaccine research.

Officials suggested the activity so far had been about intelligence gathering rather than disruption of any research.

Dr Daniel Prince, Senior Lecturer in Cyber Security at Lancaster University, told LBC that we don't know the exact motives of this attack yet but it shows the UK "needs to be able to defend itself in cyber space".

"Effectively, it’s a fraud, somebody has pretended to be from a very large Chinese company that works within the cold store supply chain and has sent phishing emails out to suppliers," he explained.

"In the emails, there is a malicious piece of software that captures the usernames and passwords on those systems. The person who has sent those original emails can then harvest the emails and access the company remotely."

Speaking about the impact this kind of attack could have on the vaccine supply, Dr Prince said: "In terms of specifically on the vaccine at this initial stage there is not a lot of risk, but depending on the companies that are targeted, hackers could potentially steal information about the vaccine.

"This targeted the supply chain, such as companies making solar panels and supplying website services, but governments have previously said that groups have been targeting the manufacturers of the vaccine.

"Their systems could therefore be compromised if the hackers get access to other companies in the supply chain."

Asked about the motives behind this attack, Dr Prince explained: "If it is a criminal gang, they will want financial rewards and could pretend to be someone in the company to get this.

"This is why they are presenting the email as being from a company that people trust, it puts pressure on people.

"Hackers know everyone is concerned about Covid, so it gives a pressure point for hackers to exploit by pretending to do something good for the supply chain. People's guard may be down and they may not do the proper checks - giving hackers a way in."

He continued: "If it was a Nation State, as has been suggested, those types of attacks usually use the company as a stepping stone to get into interesting areas.

"Hackers will see supply chain as one of the weakest links and outside of the control of the vaccine companies, so if the supply chain is not very secure and interacts with these companies then that increases the risk to the vaccine.

"In effect, targeting the supply chain and support services could be seen as a mechanism to get hold of the vaccine."

However, Dr Prince did explain that there is no concrete evidence that this attack was conducted by a nation state or is connected to the Russian attack in July.

Asked what the aim of this attack could be, Dr Prince said: "At this stage we don’t know what the ultimate goal is but it provides clear rationale for the UK's national cyber force which the government has set up.

"We need to defend ourselves in cyber space and online security needs to be embedded in company policy as it is such a fundamental part of day to day life now."