IBM's threat intelligence task force identified a global phishing campaign targeting the COVID-19 vaccine supply chain, according to a Dec. 3 report from the company.
Four details:
1. The attacks began in September and focused on companies associated with the COVID-19 cold chain, which ensures vaccines will be stored and transported in temperature-controlled environments.
2. The campaign has targeted organizations in six countries and has the "potential hallmarks of nation-state tradecraft," according to the report.
3. The phishing attacks impersonated an executive from Chinese company Haier Biomedical, which is a qualified supplier in the Vaccine Alliance's Cold Chain Equipment Optimization Platform program. The hackers sent phishing emails to organizations that provide material support to meet the transportation requirements for the vaccine.
4. IBM's report stated that the campaign's purpose may have been to gain credentials and future unauthorized access to corporate networks and sensitive information about COVID-19 vaccine distribution.
5. The attack targeted sales, procurement, IT and finance executives of the cold chain companies. IBM said it was unable to detect whether the phishing scam was successful.