As a partner in the distribution of the COVID-19 vaccine, IBM uncovered a cyber espionage campaign directly aimed at the “cold chain” process that keeps mRNA-based SAR-CoV-2 vaccines at the right temperature during delivery.
While the identification of the hackers is still unknown, the fact that they are targeting vaccine distribution indicates that they may be a nation-state instead of your run-of-the-mill cybercriminal looking to make a quick buck.
The methods nation-states use when hacking typically come in the form of an Advanced Persistent Threat (APT) that can remain in a system for months without discovery as the hacking team gathers more and more intel about the subject it is spying on.
Foreign threat actors have targeted numerous countries that are active participants in vaccine research and development.
How it happened
Cold Chain Equipment Optimisation Platform of Gavi (CCEOP) is an organization that spans six nations and is partnered with large corporations including the World Health Organization, Unicef, World Bank, and the Bill and Melinda Gates Foundation. These companies contract out to smaller firms to physically distribute vaccines.
Hackers impersonated a Chinese CCEOP executive and sent phishing emails to partner companies involved in the trucking and transportation portion of the cold chain process, another aspect of the hack that has clued cyber espionage trackers as to the nation-state nature of the attacks.
Understanding the infrastructure a government uses for vaccine distribution is high-value intelligence that can have a nationwide impact on all aspects of life. How vaccines are purchased and their movement varies by country, and stolen intelligence can help other countries that might be facing similar issues.
Companies like solar panel manufacturers that keep the vaccine cold, software developers, and website development companies that support pharmaceutical clients and biotechnology manufacturers have all been targeted, likely by Russian, Chinese, Iranian, and/or North Korean threat actors.
Staying on high alert
The CISA (Cybersecurity and Infrastructure Security Agency) has issued an alert that storage companies should be on guard for potential hacking from foreign adversaries due to the high stakes and the national importance that vaccine distribution has on citizens and business interests.
At the moment, experts believe foreign adversaries are more focused on intelligence gathering than research disruption in companies in both the UK and the United States.
What you can do
If you are a company involved in the distribution of the COVID-19 vaccine, you will obviously want to take CISA’s advice on how to protect yourself.
Additionally, companies can take matters into their own hands by partnering with a team that has years of experience in matters like this and is uniquely prepared to meet the challenges of APTs and foreign threat actors.
How Paubox can help
Paubox is committed to providing safe and secure email solutions for healthcare and research organizations that are involved in high stakes communications. The importance of secure communications is paramount because having resources hacked can unravel months of intensive work.
In addition to multi-factor authentication that ensures only verified users are getting access to your account, Paubox Email Suite also makes use of zero-step encryption that automatically encrypts all emails, including ones that include sensitive information like patient data, a critical aspect of HIPAA compliant email.
Additionally, had some of the vaccine distribution victims partnered with Paubox, they could have potentially avoided the “Chinese executive ” phishing scam through our ExecProtect feature that identifies and quarantines (pun intended) display name spoofing emails.
The development, manufacturing, and distribution of vaccines for the pandemic has been one of the most ambitious undertakings of the 21st century. It only makes sense that there would be malicious actors that want to take advantage of any potential vulnerability. Make sure your email communications are safe and secure by partnering with Paubox.