Tech Giant: Vaccine Supply Chain Targeted by Hackers

This post is also available in: עברית (Hebrew)

The arrival of the long-awaited Covid-19 vaccine is apparently not the end to our worries. Potential supply chain challenges associated with the global distribution of the vaccine have been concerning officials managing this complex operation. 

A report by IBM’s threat intelligence task force says hackers have targeted the cold supply chain needed to deliver Covid-19 vaccines. The hackers appeared to be trying to disrupt or steal information about the vital processes to keep vaccines cold as they travel from factories to hospitals and doctors’ offices. The operation was likely backed by a nation-state.

They targeted organizations associated with a cold chain platform run by the Gavi vaccine alliance, a public-private partnership for developing immunization for poorer countries. The attackers pretended to be an executive at a Chinese supplier of ultra-cold refrigeration, to mount a phishing campaign trying to obtain usernames and passwords, the report said, according to ft.com. 

Nick Rossmann, IBM’s global lead for threat intelligence, said he believed the hackers were either looking to disrupt the vaccine delivery process or steal intellectual property. 

The IBM report described a hacking campaign that spanned six countries, aimed at the European Commission’s customs and taxation unit, and organizations in energy, manufacturing and technology. The campaign started in September and the task force discovered the threat in October. The IBM researchers do not know if the hackers were successful at gaining entry to the networks. 

The European Commission said it was aware of the campaign and had taken “necessary steps” to mitigate the attack. It added that it takes cybersecurity seriously and investigates every incident. 

In Canada, a local military official said they were focused on the security of the vaccine supply chain. The military commander leading vaccination logistics said they were paying attention to various potential threats, and that they would prefer not to divulge routing, exact location or transfer points to protect the “integrity of the supply chain,” according to ca.news.yahoo.com.