A temperature controlled cold-storage haulage truck leaves the Pfizer facility in Puurs, Belgium, on December 3 2020. Picture: BLOOMBERG/GEERT VANDEN WIJNGAERT
A temperature controlled cold-storage haulage truck leaves the Pfizer facility in Puurs, Belgium, on December 3 2020. Picture: BLOOMBERG/GEERT VANDEN WIJNGAERT

Washington — IBM is sounding the alarm over hackers targeting companies critical to the distribution of Covid-19 vaccines, a sign that digital spies are turning their attention to the complex logistical work involved in inoculating the world’s population against the coronavirus.

The IT company said in a blog post published on Thursday that it had uncovered “a global phishing campaign” focused on organisations associated with the Covid-19 vaccine “cold chain” — the process needed to keep vaccine doses at extremely cold temperatures as they travel from manufacturers to people’s arms.

The US Cybersecurity and Infrastructure Security Agency reposted the report, warning members of Operation Warp Speed — the US government’s national vaccine mission — to be on the lookout.

Understanding how to build a secure cold chain is fundamental to distributing vaccines developed by the likes of Pfizer and BioNTech because the shots need to be stored at minus 70°C or below to avoid spoiling.

IBM’s cybersecurity unit said it had detected an advanced group of hackers working to gather information about different aspects of the cold chain, using meticulously crafted, booby-trapped e-mails sent in the name of an executive with Haier Biomedical, a Chinese cold chain provider that specialises in vaccine transport and biological sample storage.

The hackers went through “an exceptional amount of effort”, said IBM analyst Claire Zaboeva, who helped draft the report. Hackers researched the correct make, model, and pricing of various Haier refrigeration units, Zaboeva said.

“Whoever put this campaign together is intimately aware of whatever products are involved in the supply chain to deliver a vaccine for a global pandemic,” she said.

Haier Medical did not return messages seeking comment. Messages sent to the e-mail addresses used by the hackers were not returned.

IBM said the bogus Haier e-mails were sent to about 10 different organisations but only identified one target by name: the European Commission’s directorate-general for taxation and customs union, which handles tax and customs issues across the EU and has helped set rules on the import of vaccines.

Representatives for the directorate-general could not immediately be reached for comment.

IBM said other targets included companies involved in the manufacture of solar panels, which are used to power vaccine refrigerators in warm countries, and petrochemical products that could be used to derive dry ice.

Who is behind the vaccine supply chain espionage campaign isn’t clear.

Reuters has previously documented how hackers linked to Iran, Vietnam, North Korea, South Korea, China and Russia have, on separate occasions, been accused by cybersecurity experts or government officials of trying to steal information about the virus and its potential treatments.

IBM’s Zaboeva said there is no shortage of potential suspects, adding that figuring out how to swiftly distribute an economy-saving vaccine “should be topping the lists of nation states across the world”.



Would you like to comment on this article or view other readers' comments?
Register (it’s quick and free) or sign in now.

Speech Bubbles

Please read our Comment Policy before commenting.