Attackers are targeting executives of companies in the coronavirus vaccine cold chain. IBM X-Force has discovered a malicious campaign targeting organizations involved in the storage and transport of COVID-19 vaccines. The experts were unable to link the campaign to any specific cybercriminal group, but they did identify the hallmarks of government-funded hackers.
In these attacks, the cybercriminals send phishing emails to their victims in order to steal the credentials they use to log in to email and other applications. They have targeted a wide range of companies, sectors and government agencies, including the European Commission's Directorate General for Taxation and the Customs Union, which oversees the movement of goods across borders, including medical supplies.
The attackers also targeted a manufacturer of solar panels for the transport refrigerators that carry vaccines, and a petrochemical company that makes the dry ice used to transport vaccines.
Another victim of the group is an IT company in Germany that creates websites for pharmaceutical manufacturers, carriers, biotech companies and manufacturers of electrical components for sea, land and air navigation and communications.
The attackers target selected executives at each company. Typically, these are people working in the sales, purchasing, IT and finance departments involved in the so-called cold supply chain: transporting vaccines at the required temperature.
Typically, the cybercriminals send the victim an email purporting to come from the Chinese company Haier Biomedical, which is an official member of the UN Cold Chain Equipment Optimization Platform (CCEOP) program. The phishing emails are disguised as CCEOP-related RFQs.
The emails contain malicious HTML files that the user must download and open locally on their computer. Once opened, the file asks the victim for credentials, ostensibly so that they can view its contents. This approach frees the cybercriminals from having to create online phishing pages, which can be detected by security researchers or law enforcement agencies.
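A mail-gateway check for the delivery method described above, given as an added example that is not part of the original article or of IBM's report: it flags attached HTML files that contain a password field, since these never touch a hosted phishing page. The sample message, addresses, file name and URL are constructed placeholders, and the helper names are hypothetical.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

class CredentialFormFinder(HTMLParser):
    """Counts password fields and records form targets in one HTML document."""
    def __init__(self):
        super().__init__()
        self.password_inputs = 0
        self.form_actions = []
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # parser lowercases tag/attribute names
        if tag == "input" and a.get("type", "").strip().lower() == "password":
            self.password_inputs += 1
        elif tag == "form":
            self.form_actions.append(a.get("action", ""))

def scan_message(raw_bytes):
    """Return one finding per attached HTML file that contains a password field."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename() or ""
        if part.is_multipart() or not (name or part.is_attachment()):
            continue  # skip containers and the ordinary message body
        if part.get_content_type() != "text/html" and not name.lower().endswith((".html", ".htm")):
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # e.g. attached as application/octet-stream
            body = body.decode("utf-8", errors="replace")
        finder = CredentialFormFinder()
        finder.feed(body)
        if finder.password_inputs:
            remote = [u for u in finder.form_actions if u.lower().startswith(("http://", "https://"))]
            findings.append({"filename": name, "password_inputs": finder.password_inputs,
                             "remote_form_actions": remote})
    return findings

def build_sample(with_password=True):
    """Constructed message; addresses, file name and URL are placeholders."""
    field = '<input type="password" name="p">' if with_password else ""
    html = ('<html><body><form action="https://collector.example.net/submit" method="post">'
            '<input type="email" name="u">' + field + "</form></body></html>")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "sender@example.com", "buyer@example.org", "RFQ"
    msg.set_content("Please see the attached request for quotation.")
    msg.add_attachment(html, subtype="html", filename="RFQ.html")
    return msg.as_bytes()
```

A finding is a signal for quarantine or analyst review rather than proof of phishing; credential forms built at run time by script would not be seen by this static parse.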
The victims included organizations not only in Germany, but also in Italy, the Czech Republic and other European countries, South Korea and Taiwan.