IBM discovers global phishing campaign targeting vaccine Cold Chain

IBM discovers global phishing campaign targeting vaccine Cold Chain

IBM x-Force has released a report detailing a global phishing campaign headed by malicious cyber actors targeting vaccine cold-chain. The campaign attempted spear-phishing attacks in six countries, aiming for organizations and higher executive individuals linked to Chain Equipment Optimization Platform program ‘Gavi, the Vaccine Alliance’, IBM analysts say.

“Our analysis indicates that this calculated operation started in September 2020,” wrote IBM sr. strategic cyber-threat analyst Claire Zaboeva and, threat-hunt researcher Melissa Frydrych in their Security Intelligence report detailing the events of the global phishing campaign.

“We assess that the purpose of this COVID-19 phishing campaign may have been to harvest credentials, possibly to gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution.” they wrote.

“The adversary impersonated a business executive from Haier Biomedical, a credible and legitimate member company of the COVID-19 vaccine supply chain and qualified supplier for the CCEOP program” the analysts wrote.

Such targeted attempts are known as ‘spear-phishing’, where a purposefully intended target is chosen to be impersonated to gain further entry into a larger network. An ideal target would be someone from whom one would open links without hesitation.

 The culprit behind these attacks is thought to be a state actor for two reasons; first, there is no clear way for an individual to profit from such a mass global phishing campaign. Second, The nature of the precise targeting of high-profile executives and global organizations “potentially point to nation-state activity.”

At such a crucial time, the analysts as well as governments are cautioning those involved in the vaccine supply chain “to be vigilant and remain on high alert”.

The report ends with some recommendations for organizations who wish to increase their “cyber readiness”:

  • Create and test incident response plans 
  • Share and ingest threat intelligence
  • Assess your third-party ecosystem 
  • Apply a zero-trust approach to your security strategy. 
  • Use Multifactor Authentication (MFA) across your organization
  • Conduct regular email security educational trainings
  • Use Endpoint Protection and Response tools