The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Phishing Campaign Takes Aim at COVID-19 Vaccine Transportation Chain

by Chris Brook on Thursday December 3, 2020

Contact Us
Free Demo
Chat

The latest attack on COVID-19 vaccine research is aimed squarely at the supply chain of companies and government organizations working to keep the vaccines refrigerated in transit.

It was bound to happen.

Months after news that hackers were attempting to steal coronavirus vaccine intellectual property and research comes news that a new campaign is targeting the COVID-19 vaccine cold chain.

With countries like the UK ahead of the US when it comes to authorizing a vaccine - it gave the green light to Pfizer/BioNTech's vaccine Wednesday – it’s not totally surprising to see cybercriminals, who have been trying to carry out espionage to steal information about vaccines all year long, move to the latest shiny object.

A new report, issued this morning disclosed that hackers have been sending phishing emails to an EU agency and companies likely participating in a Gavi vaccine aid project.

Gavi, The Vaccine Alliance - is a group in charge of improving access to vaccines worldwide; it's overseeing the Cold Chain Equipment Optimization Platform (CCEOP) program, a project that's coordinating the supply of technologies to improve vaccine delivery. The program is based around ensuring that doses of vaccines can be delivered in temperature-controlled environments.

According to IBM X-Force, which discovered the phishing scam, attackers impersonated a business executive from Haier Biomedical, a China-based Cold Chain solution supplier and also a legitimate member and supplier of the CCEOP program.

In what researchers at the firm claim was an attempt to harvest credentials, likely to use at a later date in order to infiltrate corporate networks and the data that resides on them, the attackers sent emails to the European Commission’s Directorate-General for Taxation and Customs Union, in addition to organizations from the energy, manufacturing, website creation and software and internet security solution sectors.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency lent credence to the research and warned about the scam on Thursday, encouraging Operation Warp Speed (OWS) organizations to review the news and indicators of compromise (IOCs) IBM posted.

Operation Warp Speed is the name the Trump administration has given to companies working to develop and distribute coronavirus vaccines.

While the news is confirmation that attackers are still very active when it comes to targeting coronavirus research, it's unclear if the attacks were successful and whether they were meant to merely disrupt the supply chain or outright steal sensitive vaccine data.

CISA is encouraging organizations, especially those involved in vaccine storage and transport, to take the necessary steps to mitigate phishing and enhance web security if they aren't already.

Tags: Phishing

Recommended Resources


  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives
  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.