The cyberattackers “were working to get access to how the vaccine is shipped, stored, kept cold and delivered,” said Nick Rossmann, who heads IBM’s global threat intelligence team. “We think whoever is behind this wanted to be able to understand the entire cold chain process.”
Many of the approaches came in the form of “spear phishing” emails that impersonated an executive at a major Chinese company, Haier Biomedical, which is a legitimate participant in the distribution chain. The email says “we want to place an order with your company,” and includes a draft contract containing malware that would give the attackers access to the network.
Researchers for IBM Security X-Force, the company’s cybersecurity arm, said they believed that the attacks were sophisticated enough that they pointed to a government-sponsored initiative, not a rogue criminal operation aimed purely at monetary gain. But they could not identify which country might be behind them.
Outside experts said they doubted it was China, which has been accused of trying to steal vaccine information from universities, hospitals and medical researchers, because it would be unlike Chinese hackers to impersonate executives at a major Chinese firm.
If they are correct, the lead suspects would be hackers in Russia and North Korea, both of which have also been accused by the United States of conducting attacks to steal information about the process of manufacturing and distributing vaccines. Sometimes it is hard to tell the difference between official hacking operations for the Russian or North Korean governments and those run for private gain.
Article source: https://www.nytimes.com/2020/12/03/us/politics/vaccine-cyberattacks.html