Hackers are going after COVID-19 vaccine's rollout

The cyberattacks are targeting companies that will distribute and store the vaccines that can end the coronavirus pandemic.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.

The hacking campaign posed as a cold storage container company. Pfizer's vaccine needs to be stored at extremely low temperatures.


Hackers aren't just looking to steal information on the vaccines for COVID-19. They're also going after the vaccines' distributors and suppliers, security researchers warned in a report released Thursday.

Researchers from IBM's X-Force team detailed a global hacking campaign targeting government agencies, tech companies and energy suppliers in countries like Germany, Italy, South Korea and Taiwan. The companies and agencies are all connected to the Cold Chain Equipment Optimization Platform, a partnership between UNICEF, the vaccine alliance Gavi and other organizations to help with vaccine distribution. 

The attacks came as emails pretending to be from Haier Biomedical, a Chinese company that says it's the world's only complete cold chain provider. The cold chain is a crucial part of Pfizer's COVID-19 vaccine rollout as the vaccine needs to be stored at a temperature of -70 degrees Celsius (-94 degrees Fahrenheit). 

Haier Biomedical is working with CCEOP, the World Health Organization and the United Nations to help with the COVID-19 vaccine's rollout, and the hackers sent emails to targets asking for price quotes, IBM's researchers said. 

A Haier Biomedical representative said the company was investigating the security concerns and was taking the threats seriously.


The emails contained a malicious attachment that would ask people to enter their passwords to view the files; the hackers would then steal those passwords. It's unclear if any of the attacks were successful, but the purpose was likely to gather information for future attempts, IBM's researchers said.

"Moving laterally through networks and remaining there in stealth would allow them to conduct cyber espionage and collect additional confidential information from the victim environments for future operations," said Claire Zaboeva, a cyberthreat analyst at IBM's X-Force and co-author of the report. 

The hacking targets included the European Commission's Directorate-General for Taxation and Customs Union, which would be in direct contact with several countries and could open pathways for more targeted attacks.

The hackers also sent malware-laced emails to companies making solar panels, which provide power for cold storage containers in countries without access to electricity, and to IT companies in South Korea and Germany that support pharmaceutical manufacturers. 

"A breach within any part of this global alliance could result in the exposure of numerous partner computing environments worldwide," IBM's researchers said. 

The report didn't indicate who was behind this hacking campaign, but suggested that it's likely a nation-state because of how sophisticated the targeting is. In recent months, countries like China, Russia and North Korea have launched cyberattacks against pharmaceutical companies developing COVID-19 vaccines. 

On Wednesday, The Wall Street Journal reported that North Korean hackers have targeted at least six pharmaceutical companies in the US, UK and South Korea that have been working on vaccines. 

The US Cybersecurity and Infrastructure Security Agency released a statement on the hacking campaign, urging companies involved with coronavirus vaccines to review IBM's report.