BOSTON: Security researchers claimed on Thursday to have detected a cyber-espionage effort using targeted phishing emails to try to collect vital information on the World Health Organisation’s initiative for distributing Covid-19 vaccine to developing countries.

The researchers said they could not be sure who was behind the campaign, which began in September, or if it was successful. But the precision targeting and careful efforts to leave no tracks bore “the potential hallmarks of nation-state tradecraft”, they said in a blog post.

The campaigns targets, in countries including Germany, Italy, South Korea and Taiwan, are likely associated with the development of the cold chain needed to ensure coronavirus vaccines get the non-stop sterile refrigeration they need to be effective for the nearly three billion people who live where temperature-controlled storage is insufficient, IBM said.

“Think of it as the bloodline that will be supplying the most vital vaccines globally,” said Claire Zaboeva, an IBM analyst involved in the detection.

The US Cybersecurity and Infrastructure Security Agency later issued an advisory encouraging Operation Warp Speed, the Trump administration’s vaccine programme, and other organisations involved in vaccine storage and transport, to review IBM’s findings.

“Whoever is behind the operation could be motivated by a desire to learn how the vaccines are best able to be shipped and stored in the entire refrigeration process in order to copy it,” said Nick Rossmann, the IBM team’s global threat intelligence lead.

“Or they might want to be able to undermine a vaccine’s legitimacy or launch a disruptive or destructive attack,” he added.

In the ploy, executives with groups likely associated with the initiative known as Covax created by the Gavi Vaccine Alliance, the World Health Organisation and other UN agencies were sent spoofed emails appearing to come from an executive of Haier Biomedical, a Chinese company considered the world’s main cold-chain supplier, the analyst said.

The phishing emails had malicious attachments that prompted recipients to enter credentials that could have been used to harvest sensitive information about partners vital to the vaccine-delivery platform.

Targets included the European Commission’s directorate-general for taxation and customs union and companies that make solar panels for powering portable vaccine refrigerators. Other targets were petrochemical companies, likely because they produce dry ice, which is used in the cold chain, Zaboeva said.

The EU agency has been busy revising new import and export regimes for coronavirus vaccines and would be a gold mine for hackers seeking stepping stones into partnering organisations, she said.

Covax has struggled to raise enough money to compete for vaccine contracts against the world’s wealthiest nations in the race to secure doses as fast as they can be produced. But the UN and Gavi have invested millions in cold-chain equipment across Africa and Asia.

The investment, in the works well before the pandemic, was accelerated to prepare for an eventual global rollout of coronavirus vaccines.

“Whoever was behind the phishing operation likely sought advanced insight into the purchase and movement of a vaccine that can impact life and the global economy,” the blog post said.

Coronavirus vaccines will be one of the world’s most sought-after products as they are distributed, so theft may also be a danger.

Published in Dawn, December 4th, 2020