IBM said in a blog post published on Thursday that digital spies have turned their attention to the vaccine “cold chain” — the process needed to keep vaccine doses at extremely cold temperatures as they travel from manufacturers to doctors.
The technology giant is sounding the alarm over efforts to hack companies critical to the distribution of Covid-19 vaccines after uncovering “a global phishing campaign”.
The company’s cybersecurity unit said it had detected an advanced group of hackers using meticulously crafted booby-trapped emails sent in the name of a cold chain provider specialising in vaccine transport.
It comes as Interpol, the global police co-ordination agency, warned that organised criminal gangs could be targeting the real Covid-19 vaccines in a bid to create and sell fake shots.
The hackers detected by IBM went through “an exceptional amount of effort”, said analyst Claire Zaboeva, who helped draft the report. Hackers researched the correct make, model, and pricing of various refrigeration units.
“Whoever put together this campaign was intimately aware of whatever products were involved in the supply chain to deliver a vaccine for a global pandemic,” said Ms Zaboeva.
The US Cybersecurity and Infrastructure Security Agency reposted the IBM report, warning members of Operation Warp Speed — the US government’s national vaccine mission — to be on the lookout.
A secure cold chain is fundamental to distributing vaccines by the likes of Pfizer and BioNTech, the companies which developed the jab approved for use in the UK on Wednesday, because the shots need to be stored at minus 70 degrees Celsius (-94 F) or below to avoid spoiling.
IBM said the bogus emails were sent to around 10 different organisations but only identified one target by name: the European Commission’s Directorate-General for Taxation and Customs Union, which has helped set rules on the import of vaccines.
The tech firm said other targets included companies involved in the manufacture of solar panels, which are used to power vaccine refrigerators in warm countries, and petrochemical products that could be used to derive dry ice.
Who is behind the vaccine supply chain espionage campaign isn’t yet clear. IBM’s Zaboeva said there was no shortage of potential suspects. Figuring out how to swiftly distribute an economy-saving vaccine “should be topping the lists of nation states across the world”, she said.
Meanwhile, Interpol warned on Wednesday that organised criminal networks could be targeting Covid-19 vaccines, and could look to sell fake vaccine products made to look like the real thing.
The agency said it had issued a global alert to law enforcement across its 194 member countries, warning them to prepare for organised crime networks targeting vaccines, both physically and online.
“As governments are preparing to roll out vaccines, criminal organisations are planning to infiltrate or disrupt supply chains,” said Interpol secretary general Juergen Stock. “Criminal networks will also be targeting unsuspecting members of the public via fake websites and false cures, which could pose a significant risk to their health, even their lives.”