The Targeting of the COVID-19 Vaccine Supply Chain

The world has waited for 10 months for the good news that arrived this week—the first inoculations of the COVID-19 vaccine would be given in the UK within days. Those same 10 months also saw threat actors working to take advantage of the supply chain knowledge void in which governments and individuals find themselves. This has created the ultimate good news-bad news situation.

The good news is that multiple entities have requested Emergency Use Authorization for COVID vaccines, and millions will be vaccinated by mid-2021. The bad news is that the supply chain to distribute the vaccines is truly a work in progress, given the magnitude of the effort and the variety of unique shipping requirements and processes required for each vaccine. This period of uncertainty creates an opportunity for those nations/entities wishing to leapfrog across the backs of others.

Cold-chain guidance from UNICEF highlights the complexity involved in ensuring that “effective and efficient procurement of cold chain equipment” exists and is being globally consumed.

On Dec. 3, the Cybersecurity & Infrastructure Security Agency issued an alert highlighting the threat posed by malicious actors targeting various points within the supply chain to harvest account credentials. The alert references the IBM X-Force report, “Attackers are targeting the COVID-19 vaccine cold chain.”

Targeted are the European Commission Director-General for Taxation and Customs, the energy sector and the IT sector—more specifically, a South Korean software development firm and a German website development company. According to the X-Force report, the latter has broad engagement with its client’s entire fulfillment portion of the supply chain. Within the energy sector, companies that are developing solar panels—which are useful in powering the cold chain refrigeration components—are being targeted. The targeting of the EU Commission is more straightforward, as this entity serves as a single access point to the 27 member states.

These targeted phishing attacks originated from a spoofed “haierbiomedical” email account. Haier Biomedical is a member of the Cold Chain Equipment Optimization Platform (CCEOP) program and has reportedly completed the creation of a complete cold chain provision methodology. No doubt this has increased the probability of the spoofed email being opened by the targeted individuals.

[Image: copy of the spoofed email, from X-Force]

While Haier Biomedical is located in China, X-Force researchers have not attributed this effort to any specific entity or country. However, “Precision targeting of executives and key global organizations hold the potential hallmarks of a nation-state tradecraft,” the report stated.

Previously, CISA and the FBI warned of China targeting vaccine development in the United States. These efforts were focused on the healthcare, pharmaceutical and research sectors. It makes sense that these same miscreants will target the delivery portion of the vaccine supply. It is also consistent with the U.S.-China Economic Commission’s findings: “The Chinese government has made the collection of domestic and foreign healthcare data a national priority and has sought access to U.S. healthcare data through both licit and illicit means.” The Commission noted the “longstanding problems in China’s public health system, including funding shortfalls and bureaucratic weaknesses, have undermined the country’s epidemiological preparedness.”

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA, which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.
