DHS, IBM Warn Of Phishing Bids Targeting Vaccine Delivery

By Ben Kochman

Law360 (December 3, 2020, 9:59 PM EST) -- Malicious cyber actors likely linked to a nation-state impersonated an executive from biomedical giant Haier in a phishing campaign that targeted organizations involved in safely storing and delivering COVID-19 vaccines, IBM and U.S. federal officials warned Thursday.

In the phishing campaign, which began in September, the adversaries attempted to harvest login credentials from a global group of entities involved in the vaccine supply chain, IBM's security team wrote in a blog post. Targets included the European Commission's Taxation and Customs Union, as well as organizations that manufacture solar panels that could power vaccine refrigerators and other companies that make dry ice, IBM said.

A South Korean software development firm and a German website development company were also targeted with the messages, wrote IBM threat analysts Claire Zebova and Melissa Frydrych.

For some of the phishing messages, the cyber actors pretended to be a business executive from Haier, which has claimed in marketing materials to be the world's only complete provider of what is known as the vaccine "cold chain," the process of keeping a vaccine in a safe, temperature-controlled environment during transport, the blog post said.

The phishing messages, designed to dupe employees into divulging login credentials or other sensitive data, were sent to executives in the target entities' sales, procurement, information technology and finance departments, according to IBM.

The purpose of the campaign was not clear on Thursday, but the focused nature of the attacks suggests links to a nation-state, the blog post says. IBM said it has not been able to determine whether the attacks were successful.

"While firm attribution could not be established for this campaign, the precision targeting of executives and key global organizations hold the potential hallmarks of nation-state tradecraft," IBM's Zebova and Frydrych wrote.

Hours after IBM published its blog post, the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency published a news release urging organizations involved in vaccine transport to read IBM's analysis. 

Thursday's warnings come months after officials in the U.S., U.K. and Canada warned that hackers backed by Russia's government are targeting organizations in the West that are researching potential COVID-19 vaccines. That advisory came on the heels of a similar warning issued by U.S. officials in May that malicious users backed by the Chinese government are aiming to steal American research on vaccines and treatments for the virus.

Representatives for Haier, which is based in China, could not immediately be reached on Thursday.

--Editing by Jay Jackson Jr.
