Threat Watch

Phishing Campaigns Target Multiple Organizations in COVID-19 Cold Chain

The COVID-19 vaccine cold chain, which is the supply chain for cold storage and movement of vaccines, has been recently targeted by threat actors. According to IBM’s X-Force, hackers are targeting specific, high-level executives at multiple companies around the world that all play a role in the cold storage and transportation of the vaccine. None of the attacks were able to be linked to a specific threat actor, but analysts stated that the attacks have all the signs of a nation-state attack. The attack targeted companies and Government entities including the European Commission’s Directorate-General for Taxation and Customs Union, which monitors the movement of supplies across borders. A company that manufactures solar panels, which are used for cold storage transportation, and a German IT company that makes websites for pharmaceutical manufactures. The targeted high-level executives of the companies were sent a phishing email that is typically spoofed from the identity of a business executive. The executive is from Haier Biomedical, a Chinese company that is part of the United Nation’s official Cold Chain Equipment Optimization Platform (CCEOP). The emails contain malicious HTML files as attachments and prompt users to enter their credentials, which the threat actor collects.

ANALYST NOTES

This attack is one of many that have targeted the COVID-19 vaccine research and distribution infrastructure, which has been highly sought after since the pandemic started. Attacks that target information about the vaccine have included several companies around the world and the attacks have been linked to Russia, China, Iran, and North Korea. With the announcement from Pfizer that the UK will begin to administer their vaccine next week, cold storage entities will continue to be a target. Attacks like this outline how critical every step in the supply chain is. Even though some of the entities in the supply chain may not seem like they house sensitive information, they can allow an easy gateway for threat actors to move to the next entity through established third-party trust connections or provide valuable information about other companies that could be used to target them directly.

More can be read here: https://www.zdnet.com/article/mysterious-phishing-campaign-targets-organizations-in-covid-19-vaccine-cold-chain/