WASHINGTON (Reuters) – IBM and U.S. officials detected hackers targeting companies critical to the distribution of COVID-19 vaccines.

Reuters first reported the attack on the WHO. Hacking groups are targeting healthcare in full force: the World Health Organization and Hammersmith Medicines Research (HMR), a UK-based research team on standby for developing a COVID-19 vaccine, both reported being hit with cyberattacks in the past month.

In a blog post published on Thursday, IBM said it had detected a cyberespionage operation targeting vital information on a World Health Organization (WHO) initiative for distributing the COVID-19 vaccine.

In a report, the U.S. Cybersecurity and Infrastructure Security Agency warned the U.S. government’s national vaccine mission to be on the lookout.

The cybersecurity researchers are not yet sure about the source of this effort, which began in September. They were also unable to say if it had been successful. But the researcher who discovered the incident, Alexander Urbelis, a cybersecurity expert and attorney with Blackstone Law Group, believes the attack was the work of cyberespionage hackers known as DarkHotel.

Joe Slowik, a researcher at online threat intelligence firm DomainTools, said he believed IBM had stumbled upon “a subset of activity” that was part of a much wider campaign “which may not be focused on vaccines or similar activity.”

While “definitely malicious,” Slowik said he was not convinced it was specifically focused on vaccine distribution.

Understanding how to build a secure cold chain is fundamental to distributing vaccines developed by the likes of Pfizer Inc and BioNTech because the shots need to be stored at minus 70 degrees Celsius (-94 F) or below to avoid spoiling.

IBM’s cybersecurity unit said it had detected an advanced group of hackers working to gather information about different aspects of the cold chain, using meticulously crafted booby-trapped emails sent in the name of an executive with Haier Biomedical, a Chinese cold chain provider that specializes in vaccine transport and biological sample storage.

Haier Medical did not return messages seeking comment.

Targets included companies involved in the manufacture of solar panels, which are used to power vaccine refrigerators in warm countries, and petrochemical products that could be used to derive dry ice.

The hackers went through “an exceptional amount of effort,” said IBM analyst Claire Zaboeva, who helped draft the report. Hackers researched the correct make, model, and pricing of various Haier refrigeration units, Zaboeva said.

The only organization identified by name in IBM’s report – the European Commission’s Directorate-General for Taxation and Customs Union – said in a statement that it was aware that it had been targeted in the hacking campaign.

“We have taken the necessary steps to mitigate the attack and are closely following and analysing the situation,” the statement said.

Reuters has previously documented how hackers linked to Iran, Vietnam, North Korea, South Korea, China, and Russia have on separate occasions been accused by cybersecurity experts or government officials of trying to steal information about the virus and its potential treatments. Cybercriminals have also been active against health care providers such as hospitals during the pandemic.

Anirban Roy
Anirban Roy is a Certified Ethical Hacker and cyber security expert, CISCO networking certified, and the Founder & CEO of Techgen Cyber Solution Pvt. Ltd. He has more than 5 years of professional experience in the field and has also worked with government officials on solving cyber crimes and securing many different corporate organizations.