Hackers targeting firms in vaccine supply chain, IBM warns

IBM on Thursday warned that it uncovered a “global phishing campaign” targeting the COVID-19 vaccine supply chain.

The company wrote a blog post saying that the scheme was targeting the vaccine “cold chain,” which ensures that vaccines are preserved in temperature-controlled environments during storage and transportation.

IBM said the hackers impersonated an executive from Haier Biomedical, which is reportedly the world’s only complete cold chain provider. The person then sent phishing emails to organizations believed to be providing material support to meet transportation needs within the chain.


Among the hacker’s targets was the European Commission’s Directorate-General for Taxation and Customs Union. The group has set the rules on vaccine importation, according to Reuters.

IBM analyst Claire Zaboeva told Reuters that the hackers went through “an exceptional amount of effort.” The scammers researched the correct make, model and pricing of various refrigeration units.

“Whoever put together this campaign was intimately aware of whatever products were involved in the supply chain to develop a vaccine for the global pandemic,” she told the news outlet.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert advising organizations involved in Operation Warp Speed to review IBM’s blog post.

It’s unclear who was behind the phishing campaign.

The Wall Street Journal reported Wednesday that North Korean hackers attempted to hack at least six pharmaceutical companies developing COVID-19 treatments.

Microsoft previously warned that North Korean and Russian hacking groups were targeting pharmaceutical companies and COVID-19 vaccine researchers.