The hackers took measures to hide their tracks, and the cyber-sleuths did not name which state might be behind the campaign.
The IBM team said it was not known why the hackers were trying to penetrate the systems. It suggested the intruders might want to steal information, glean details about technology or contracts, create confusion and distrust, or disrupt the vaccine supply chains themselves.
The hackers probably sought “advanced insight into the purchase and movement of a vaccine that can impact life and the global economy,” the IBM team said.
As there was “no clear path to a cash-out,” as there is in a ransomware attack, it increased the likelihood of a state actor. However, the IBM sleuths cautioned, it was still possible that criminals could be looking for ways to illegally obtain “a hot black-market commodity,” such as an initially scarce vaccine.
The new generation of RNA vaccines, such as the Pfizer-BioNTech product approved for emergency use by Britain on Wednesday, requires sub-Antarctic temperatures for storage and transport. But even more traditional vaccines, such as a candidate being tested by Oxford University and its partner AstraZeneca, must be kept refrigerated.
The hackers targeted organizations linked to Gavi, a public-private vaccine alliance that seeks to supply vaccines to poor countries. The alliance works closely with the World Health Organization, donor countries, the global pharmaceutical industry and the Bill and Melinda Gates Foundation.
The cybersecurity agency encouraged all organizations involved in the Trump administration’s Operation Warp Speed to be especially alert to challenges to their cold chain systems.
In a blog post, which was distributed to cybersecurity agencies, IBM said an intruder impersonated a business executive at Haier Biomedical, a legitimate Chinese company active in the vaccine supply chain, which specializes in the refrigeration of medical products. The impersonator sent emails to “executives in sales, procurement, information technology and finance positions, likely involved in company efforts to support a vaccine cold chain.”
It’s unclear whether any of the phishing attempts were successful.
In her post, Claire Zaboeva, senior strategic cyber threat analyst at IBM, wrote: “The targets included the European Commission’s Directorate-General for Taxation and Customs Union, as well as organizations within the energy, manufacturing, website creation and software and internet security solutions sectors. These are global organizations headquartered in Germany, Italy, South Korea, Czech Republic, greater Europe and Taiwan.”
This is not the first attempt by hackers to gain entry into secure networks protecting vaccines.
Hackers linked to a Russian intelligence service tried to steal information from researchers working to produce coronavirus vaccines in the United States, Britain and Canada, security officials in those countries reported in July.
The hackers, who belong to a unit known variously as APT29, “the Dukes” or “Cozy Bear,” were targeting vaccine research and development organizations in the three countries, the officials said in a joint statement. The unit is one of the two Russian spy groups that penetrated the Democratic Party’s computers in the lead-up to the 2016 U.S. presidential election.
Microsoft last month reported “mostly unsuccessful attempts” by state-backed Russian and North Korean hackers to steal data from pharmaceutical companies and vaccine developers, according to the Associated Press.