By Raphael Satter
WASHINGTON (Reuters) - IBM and U.S. officials are sounding the alarm over hackers targeting companies critical to the distribution of COVID-19 vaccines.
IBM said on Thursday that the campaign was a sign that digital spies are turning their attention to the complex logistical work involved in inoculating the world's population against the novel coronavirus, although some outside experts questioned whether that was the hackers' focus.
In a blog post https://securityintelligence.com/posts/ibm-uncovers-global-phishing-covid-19-vaccine-cold-chain published on Thursday, IBM said it had uncovered "a global phishing campaign" focused on organizations associated with the COVID-19 vaccine "cold chain" - the process needed to keep vaccine doses at extremely cold temperatures as they travel from manufacturers to people's arms.
The U.S. Cybersecurity and Infrastructure Security Agency reposted the report, warning https://us-cert.cisa.gov/ncas/current-activity/2020/12/03/ibm-releases-report-cyber-actors-targeting-covid-19-vaccine-supply members of Operation Warp Speed - the U.S. government's national vaccine mission - to be on the lookout.
Other cybsecurity experts expressed some skepticism, however, of IBM's findings.
Joe Slowik, a researcher at online threat intelligence firm DomainTools, said he believed IBM had stumbled upon "a subset of activity" that was part of a much wider campaign "which may not be focused on vaccines or similar activity."
While "definitely malicious," Slowik said he was not convinced it was specifically focused on vaccine distribution.
Who is behind the espionage is not clear. Messages sent to the email addresses used by the hackers were not returned.
Understanding how to build a secure cold chain is fundamental to distributing vaccines developed by the likes of Pfizer Inc and BioNTech <SE 22UAy.F> because the shots need to be stored at minus 70 degrees Celsius (-94 F) or below to avoid spoiling.
IBM's cybersecurity unit said it had detected an advanced group of hackers working to gather information about different aspects of the cold chain, using meticulously crafted booby-trapped emails sent in the name of an executive with Haier Biomedical, a Chinese cold chain provider that specializes in vaccine transport and biological sample storage.
Haier Medical did not return messages seeking comment.
Targets included companies involved in the manufacture of solar panels, which are used to power vaccine refrigerators in warm countries, and petrochemical products that could be used to derive dry ice.
The hackers went through "an exceptional amount of effort," said IBM analyst Claire Zaboeva, who helped draft the report. Hackers researched the correct make, model, and pricing of various Haier refrigeration units, Zaboeva said.
"Whoever put together this campaign was intimately aware of whatever products were involved in the supply chain to deliver a vaccine for a global pandemic," she said.
The only organization identified by name in IBM's report - the European Commission's Directorate-General for Taxation and Customs Union - said in a statement that it was aware that it had been targeted in the hacking campaign.
"We have taken the necessary steps to mitigate the attack and are closely following and analysing the situation," the statement said.
Reuters has previously documented how hackers linked to Iran, Vietnam, North Korea, South Korea, China, and Russia have on separate occasions been accused by cybersecurity experts or government officials of trying to steal information about the virus and its potential treatments. Cybercriminals have also been active against health care providers such as hospitals during the pandemic.
IBM's Zaboeva said there was no shortage of potential suspects. Figuring out how to swiftly distribute an economy-saving vaccine "should be topping the lists of nation states across the world," she said.
(Reporting by Raphael Satter; editing by Rosalba O'Brien and Grant McCool)