In an alert issued during the week of December 7, the U.S. government announced that it had observed traces of cyberattacks against companies tasked with securing the vaccine.
In particular the cold chain responsible for keeping the vaccine at a low temperature, to allow its use under good conditions.
This article will also interest you: Laboratories for the Covid-19 vaccine still targeted by computer attacks
It was IBM's security researchers who made the discovery. They reported on a phishing campaign launched by hackers, which had usurped the identity of Haier, a company known for providing cooling infrastructure for medicines, while claiming to have a monopoly on the cooling systems market. Especially when we know that the cold chain and clearly vital for vaccine storage. For example, one of the most promising vaccines is the Pfizer vaccine, must be stored at -70 degrees for it to remain effective.
According to the researchers, hackers also targeted the Directorate General of Taxation and the customs union of the European Commission, the institution responsible for cross-border regulation and trade.
Moreover, the renewable energy sector specifically solar energy has also been targeted by hackers. As IBM has shown, in some of its research published in Forbes magazine, in some parts of the world, vaccine cooling refrigerators are powered by solar panels for stability and reliability.
At the moment, there is no sign that an organization targeted by hackers has been beautiful and well hacked. So far, no successful attacks have been reported by the institutions working on the vaccine. As far as suspects are concerned, the Chinese, Russian and North Korean states are primarily the first defendants
"The Commission is aware of a phishing campaign using the Covid-19 vaccine theme, targeting several organisations, including the European Commission. We have taken the necessary measures to mitigate the attack and we are monitoring and analysing the situation closely," said the European Commission through its daddy's words
The emails used in the phishing campaign were followed by a request for an estimate for participation in the Cold Chain Equipment Optimization Platform (CCEOP) program, an initiative of the vaccine alliance, Gavi with UNICEF, which has been in place since 2015, with the aim of making the vaccine supply chain much more efficient. As in a classic phishing, there was a link that led to an HTML file instead of website. When accessing this file, the person was asked to enter their login credentials into the company's network. This information will certainly be passed on to cyber criminals to undertake computer hacking activities downstream. "This Phishing technique helps attackers avoid posting Phishing pages that can be discovered and deleted by security search teams and law enforcement. Historically," said Claire Zaboeva, senior cyber threat analyst at IBM Security X-Force.
For its part, CISA, the U.S. government agency responsible for computer security for the Department of Homeland Security, warned last Thursday: "CISA encourages all organizations involved in the storage and transport of vaccines to harden attack surfaces, especially in cold storage operations, and to remain vigilant against any activity in this space. This means following alerts and advice from CISA and other security agencies, putting contingency plans in place and contacting CISA for additional support," said Josh Corman, CISA's Chief Health Officer.
The U.S. agency also alerted other organizations that are part of Operation Warp Speed, a U.S. program to accelerate the marketing of Covid-19 vaccines, to the computer threats detected by IBM researchers.
"Gavi has strong policies and processes in place to prevent such phishing attacks and hacking attempts. That's why we are working closely with our partners on safety awareness to continue to strengthen these good practices." Declares Gavi through his wordlessness.
Now access an unlimited number of passwords: