Dec 3, 2020 - Health

Vaccine shipment companies targeted by cyberattacks, IBM says

Illustration of a hand in a glove holding a glowing syringe
Illustration: Sarah Grillo/Axios

A global phishing campaign has been trying to gain information from organizations working to ship coronavirus vaccines since September, IBM's cybersecurity arm said on Thursday.

Why it matters: Successfully distributing a COVID vaccine will already be challenging for the U.S. and other wealthy countries, especially to rural areas with less resources — while poorer countries are expected to have delayed access.

  • It is not clear if the goal of the phishing attacks, in which official-looking emails try and trick people into handing over credentials or privileged information, are intended to steal technology or trade secrets about shipping COVID vaccines or to sabotage the efforts, the New York Times notes.

What they're saying: IBM says that organizations in Italy, Germany, South Korea, Taiwan, the Czech Republic, and greater Europe were targeted with spear-phishing emails sent to sales, IT and finance executives — alongside some all-staff emails.

  • Homeland Security plans to warn the Trump administration's vaccine development effort, Operation Warp Speed, about the attacks on Thursday, per the NYT.
  • IBM and the DHS agree that the phishing attacks aim to steal network credentials from corporate executives and officials involved in building a supply chain to refrigerate and ship coronavirus vaccine doses, per the Times.

Of note: IBM said that the origin of the attacks is not known, but the specific targeting "potentially point to nation-state activity," or a government-sponsored attack.

Go deeper