An Update: The COVID-19 Vaccine’s Global Cold Chain Continues to Be a Target

In December 2020, IBM Security X-Force released a research blog disclosing that the COVID-19 cold chain — an integral part of delivering and storing COVID-19 vaccines at safe temperatures — was targeted by cyber adversaries. Following that first report, we recently discovered an additional 50 files tied to spear-phishing emails that targeted 44 companies in 14 countries in Europe, North America, South America, Africa and Asia.

The expanded scope of precision targeting includes key organizations likely underpinning the transport, warehousing, storage and ultimate distribution of vaccines. Spear-phishing attempts were associated with multiple executive and other roles, including:

Chief Executive Officers
Global Sales Officers
Purchasing Managers
Company Presidents
System Administrators
Sales Representatives
Directors of Finance
Export Sales Managers
Human Resource Officers
Heads of Marketing & Communication
Heads of Supply & Logistics
Heads of Plant Engineering

The campaign impersonates an executive from Haier Biomedical, a major Chinese biomedical company that is purported to be the world’s only complete cold chain provider. The updated findings were made available via our Enterprise Intelligence Management platform TruSTAR in January 2021. In the same timeframe, X-Force reached out to relevant CERTs and global entities in accordance with our responsible disclosure policy.

Email Significance

Exploring the available emails, X-Force uncovered multiple features that likely signal the actor’s exceptional knowledge of the cold chain. While our previous reporting featured direct targeting of supranational organizations and the energy and IT sectors across six nations, we believe this expansion to be consistent with the established attack pattern, and the campaign remains a deliberate and calculated threat.

The uncovere ..