Cyberattackers have been using sophisticated phishing schemes in an attempt to hack companies and government organizations tasked with distributing coronavirus vaccines. IBM's cybersecurity division first revealed the scheme, which was confirmed by the Department of Homeland Security on Thursday, per the New York Times. Experts say phishing emails were sent to corporate executives and officials at global organizations in six countries in Asia and Europe beginning in September, reports the BBC. Hackers reportedly impersonated figures at Gavi, the international vaccine alliance—whose partners include the World Health Organization and the World Bank—and China's Haier Biomedical in an effort to gain access to networks. In the latter case, an email that seemingly came from a Haier exec indicated they wanted to place an order; the attached draft contract contained the malware.
The campaign is aimed at the refrigeration process used to preserve doses in transport, dubbed the "cold chain." The cyberattackers "were working to get access to how the vaccine is shipped, stored, kept cold, and delivered," IBM's Nick Rossmann tells the Times. It's unclear whether hackers might be trying to steal refrigeration technology or sabotage the distribution network and hold it hostage for payment. IBM suspects a nation state but can't say whether any attempts were successful. If they were, hackers might've accessed lists of vaccine recipients and distribution schedules, per the Times. As cybersecurity expert James Lewis tells the outlet, "we won't know how these stolen credentials will be used until after the vaccine distribution begins." (Read more coronavirus vaccine stories.)