COVID-19 hacking extends to supply chain for controlling vaccine temperature, IBM says

The phishing campaign began in September and has targeted organizations in six countries in Europe and Asia, according to IBM.

As drug companies turn their attention from the development to the deployment of a coronavirus vaccine, well-resourced hackers are doing the same.

IBM researchers on Thursday revealed a global spearphishing campaign they said was aimed at companies involved in the storage and transport of vaccines in temperature-controlled environments. Those controls allow the medicine to be sent to far-flung places. IBM suspects the attackers are tied to a government, but they said they didn’t have enough evidence to determine which one.

The attackers’ goal may have been to steal login credentials from those companies in order to gain future access “to corporate networks and sensitive information relating to the COVID-19 vaccine distribution,” the researchers said. It’s unclear how successful the phishing has been.

The findings illustrate how virtually every step of the months-long project by drug companies to produce a vaccine has been targeted by hackers. The U.S. government accused Chinese hackers of targeting vaccine research in May, and examples of similar espionage operations tied to North Korea and Russia have also emerged.


The phishing campaign uncovered by IBM began in September and has targeted organizations in six countries in Europe and Asia. All of the organizations appear to be associated with a supply-chain program run by Gavi, an international organization that handles vaccines.

The attackers targeted companies from the energy, manufacturing and software sectors that are supporting the distribution of a vaccine. (IBM did not name any of them.) With access to internal communications at such companies, the attackers could gather information on the “infrastructure that governments intend to use to distribute a vaccine to the vendors that will be supplying it,” the IBM researchers said.

“This adversary picked the perfect cover – one that would pass scrutiny and suspicion,” Claire Zaboeva, senior cyber threat analyst at IBM Security X-Force, said in an email.

That cover saw the hackers pose as an executive at Haier Biomedical, a supplier involved in Gavi’s vaccine supply-chain program, and send phishing emails to companies supporting transportation needs for the program. China-based Haier touts itself as “the world’s only complete cold chain provider,” or organization that offers the full range of temperatures needed for storing biomedical equipment.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency on Thursday highlighted the IBM research and urged organizations to guard against the hacking.


“Today’s report highlights the importance of cybersecurity diligence at each step in the vaccine supply chain,” said Josh Corman, CISA’s chief strategist for health care. “CISA encourages all organizations involved in vaccine storage and transport to harden attack surfaces, particularly in cold storage operation, and remain vigilant against all activity in this space.”

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
