In December 2020, IBM Security X-Force released a research blog disclosing that the COVID-19 cold chain — an integral part of delivering and storing COVID-19 vaccines at safe temperatures — was targeted by cyber adversaries. After that first report, we recently discovered an additional 50 files tied to spear-phishing emails that targeted 44 companies in 14 countries in Europe, North America, South America, Africa and Asia.
The expanded scope of precision targeting includes key organizations likely underpinning the transport, warehousing, storage and ultimate distribution of vaccines. Spear-phishing attempts were associated with multiple executive activities and other roles, including:
Chief Executive Officers
Global Sales Officers
Directors of Finance
Export Sales Managers
Human Resource Officers
Heads of Marketing & Communication
Heads of Supply & Logistics
Heads of Plant Engineering
The campaign impersonates an executive from Haier Biomedical, a major Chinese biomedical company that is purported to be the world’s only complete cold chain provider. The updated findings were made available via our Enterprise Intelligence Management platform TruSTAR in January 2021. In the same timeframe, X-Force reached out to relevant CERTS and global entities in concert with our responsible disclosure policy.
Exploring the available emails, X-Force uncovered multiple features which likely signal the actor’s exceptional knowledge of the cold chain. While our previous reporting featured direct targeting of supranational organizations, the energy and IT sectors across six nations, we believe this expansion to be consistent with the established attack pattern, and the campaign remains a deliberate and calculated threat.
The uncovere ..