The BBC has reported that, according to IBM, the international vaccine supply chain has been targeted by cyber-espionage. The hacker’s identity is unclear but IBM believe the sophistication of the campaign, which targeted the cold chain, indicates the identity to be of a nation state.
Phishing emails were sent out across six countries, which targeted organisations linked to the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, the international vaccine alliance.
The attackers impersonated a business executive from a legitimate Chinese company involved in CCEOP’s supply cold chain. They then sent phishing emails to organisations that provided transportation, which contained malicious code and asked for people’s log in details.
The information collected could have allowed the hackers to understand the infrastructure that governments intended to use to distribute vaccines.
“Advanced insight into the purchase and movement of a vaccine that can impact life and the global economy is likely a high-value and high-priority nation-state target,” IBM commented to the BBC.
“The precision targeting and nature of the specific targeted organisations potentially point to nation-state activity. Without a clear path to a [pay]out, cyber-criminals are unlikely to devote the time and resources required to execute such a calculated operation.” IBM said.
It has been noted that thus far the hacking has been motivated by gathering intelligence rather than disruption of research.