Mysterious hackers attack the COVID-19 vaccine transport network, prompting an alert from the Department of Homeland Security



On December 3, 2020, IBM, a major US IT company, released a report on cyber attacks targeting the supply chain of the COVID-19 vaccine. In response, the US Department of Homeland Security is urging caution among companies engaged in vaccine transportation and distribution.

IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain

https://securityintelligence.com/posts/ibm-uncovers-global-phishing-covid-19-vaccine-cold-chain/

Hackers are targeting the COVID-19 vaccine supply chain, IBM finds --The Verge
https://www.theverge.com/2020/12/3/22151016/hackers-phishing-coronavirus-vaccine-ibm-security

Claire Zaboeva and Melissa Frydrych of IBM X-Force IRIS, IBM's security service, reported on the official blog on December 3 that they had detected a large-scale phishing campaign spanning Germany, Italy, South Korea, the Czech Republic, Taiwan and the EU. The phishing was carried out via email to carriers, and the sender of the email was disguised as an executive of Haier Biomedical, a major cold chain supplier in China.

The COVID-19 vaccine developed by Pfizer, a major American pharmaceutical company, must be transported at an ultra-low temperature of minus 70 degrees Celsius, so transporting it poses logistical challenges. It has therefore been pointed out that cooperation from the transportation industry, including cold chain suppliers, is essential for delivering vaccines to a large number of people.

Pfizer's new corona vaccine is reported to be a 'logistics nightmare,' and why? --GIGAZINE



According to Zaboeva and others, the phishing email, disguised as a request for quotation from a Haier Biomedical executive, carried an attached HTML file intended to steal credentials. The organizations targeted by the cyber attacks included government agencies and multiple companies that are support members of the GAVI Alliance, a vaccine dissemination program operated in collaboration with the World Health Organization (WHO) and the United Nations Children's Fund (UNICEF).

Zaboeva et al. published a sample of the phishing email. The sender's address is '@hairbiomedical.com', and the subject line includes 'UNICEF' and 'CCEOP', a cold chain authentication program by the GAVI Alliance, which shows that this is sophisticated phishing aimed precisely at vaccine transportation companies. The body of the email prompts the recipient to open the attached file, saying, 'We are considering placing an order with your company, so please estimate the cost. Please see the attached request for quotation.'



From this, Zaboeva et al. pointed out that 'the cyber attack was strategically carried out with the aim of endangering the cold chain of the new coronavirus vaccine.' They said the attack could have been aimed at gaining unauthorized access to sensitive information about the distribution of the COVID-19 vaccine through the theft of credentials. At the time of writing, it is unknown whether the attackers achieved their purpose.

Also, although the identity of the cyber attacker is unknown, Zaboeva et al. said, 'The very precise identification of the targeted organization suggests the activities of the state. Specific measures that will lead to profits are necessary. For example, a mere cybercriminal would not invest enough resources to carry out such a calculated operation, although information on vaccine transport could become a popular item in the black market. The highly confidential information of vaccine transport, which has a significant impact on human life and the global economy, can also be a high-priority national goal.'

Regarding the COVID-19 vaccine, it has been reported that 'Russia and North Korea have hacked research organizations'.

Microsoft announces that 'Russia and North Korea have hacked research organizations related to the new corona vaccine' --GIGAZINE



China is also suspected of stealing vaccine research.

US government accuses China of 'attempting to steal vaccine research results of new coronavirus' --GIGAZINE



Zaboeva and colleagues recommended that organizations targeted by cyber attacks strengthen their defenses by applying a zero trust approach and adopting multi-factor authentication. The US Department of Homeland Security also issued a statement urging caution on the part of organizations involved in the distribution of the COVID-19 vaccine, such as carriers.

in Security, Posted by log1l_ks