Phishing Campaign Targets COVID Vaccine Cold Supply Chain

GettyImages-1249961285Researchers at IBM’s X-Force have identified a phishing campaign targeting the COVID-19 vaccine “cold chain” (the part of the supply chain focused on “the safe preservation of vaccines in temperature-controlled environments during their storage and transportation”).

The phishing emails appeared to be requests for quotations (RFQs) related to the cold chain, and contained malicious HTML attachments that would open credential-harvesting phishing pages.

“Our analysis indicates that this calculated operation started in September 2020,” the researchers write. “The COVID-19 phishing campaign spanned across six countries and targeted organizations likely associated with Gavi, The Vaccine Alliance’s Cold Chain Equipment Optimization Platform (CCEOP) program, which we explain further in this blog. While firm attribution could not be established for this campaign, the precision targeting of executives and key global organizations hold the potential hallmarks of nation-state tradecraft.”

The operation appears to have been highly targeted, since the attackers knew exactly who to impersonate.
“The spoofed phishing emails appear to originate from a business executive from Haier Biomedical, a Chinese company currently acting as a qualified supplier for the CCEOP program, in coordination with the World Health Organization (WHO), UNICEF and other U.N. agencies,” X-Force says.

“It is highly likely that the adversary strategically chose to impersonate Haier Biomedical because it is purported to be the world’s only complete cold chain provider. Likewise, the Haier Biomedical employee who is purported to be sending these emails would likely be associated with Haier Biomedical’s cold chain distribution operations based on his role, which is listed in the email signature block..”

The researchers conclude that the immediate goal of the campaign was likely espionage related to the vaccine, but the access gained could also be intended for use in future campaigns.

“We assess that the purpose of this campaign may have been to harvest credentials to gain future unauthorized access,” they write. “From there, the adversary could gain insight into internal communications, as well as the process, methods and plans to distribute a COVID-19 vaccine.

This includes information regarding infrastructure that governments intend to use to distribute a vaccine to the vendors that will be supplying it. However, beyond critical information pertaining to the COVID-19 vaccine, the adversary’s access could extend deeper into victim environments.

Moving laterally through networks and remaining there in stealth would allow them to conduct cyber espionage and collect additional confidential information from the victim environments for future operations.”

New-school security awareness training can help your employees thwart both sophisticated and amateur social engineering attempts. IBM SecurityIntelligence has the story:

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Phishing

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews