IBM, agency warn vaccine distributors cyberattack targets

A series of cyberattacks is underway aimed at the companies and government organizations that will be distributing coronavirus vaccines around the world, IBM's cybersecurity division has found, though it is unclear whether the goal is to steal the technology for keeping the vaccines refrigerated in transit or to sabotage the movements.

There is no indication so far that the attackers were aiming at Pfizer or Moderna, whose vaccines are expected to be the first ones approved for emergency use in the United States.

But the findings were alarming enough that the Department of Homeland Security issued its own warning Thursday.

Both the IBM researchers and the department's Cybersecurity and Infrastructure Security Agency said the attacks appear intended to steal the network credentials of corporate executives and officials at global organizations involved in the refrigeration process necessary to protect vaccine doses. The agency issued an advisory encouraging Operation Warp Speed, the Trump administration's vaccine program, and other organizations involved in vaccine storage and transport to review IBM's findings.

Josh Corman, a coronavirus strategist at the cybersecurity agency, said in a statement that the IBM report was a reminder of the need for "cybersecurity diligence at each step in the vaccine supply chain." He urged organizations "involved in vaccine storage and transport to harden attack surfaces, particularly in cold storage operation."

Researchers for IBM Security X-Force, the company's cybersecurity arm, said they believed the attacks were sophisticated enough that they pointed to a government-sponsored initiative, not a rogue criminal operation aimed purely at monetary gain. But they could not identify which country might be behind them.

Regardless, the attacks underscore how everything about coronavirus vaccines -- how to make them, test them and move them -- has become vital information around the globe.

With several vaccines on the verge of moving from clinical trials into wider use, the IBM discovery suggests that the main target of state-employed hackers is now the infrastructure of delivering the vaccines to billions of people around the globe.

The cyberattackers "were working to get access to how the vaccine is shipped, stored, kept cold and delivered," said Nick Rossmann, who heads IBM's global threat intelligence team. "We think whoever is behind this wanted to be able to understand the entire cold chain process."

However, they might want to be able to undermine a vaccine's legitimacy or launch a disruptive or destructive attack, Rossmann added.

'BLOODLINE' TARGET

The campaign's targets, in countries including Germany, Italy, South Korea and Taiwan, are likely associated with the development of the process needed to ensure vaccines get the nonstop sterile refrigeration they need to be effective for the nearly 3 billion people who live where temperature-controlled storage is insufficient, IBM said.

"Think of it as the bloodline that will be supplying the most vital vaccines globally," said Claire Zaboeva, an IBM analyst involved in the detection.

Targets included the European Commission's Directorate-General for Taxation and Customs Union, and companies that make solar panels for powering portable vaccine refrigerators. Other targets were petrochemical companies, likely because they produce dry ice, which is used in the cold chain, Zaboeva said.

In the U.S., the FBI has been working with other federal agencies and private industry to protect vaccine development and delivery, Tonya Ugoretz, the agency's deputy assistant director for cyber readiness and intelligence, said Thursday at the online Aspen Cyber Summit.

The aim is to ward off not just cyberthreats but also more traditional human-centric espionage by adversaries who may seek to steal intellectual property for financial gain, to benefit another country or to "undermine confidence in U.S. efforts to provide an effective vaccine," she said.

Many of the approaches came in the form of "spear phishing" emails that impersonated an executive at a major Chinese company, Haier Biomedical, which is a legitimate participant in the distribution chain.

Outside experts said they doubted the attacks came from China, which has been accused of trying to steal vaccine information from universities, hospitals and medical researchers, because it would be unlike Chinese hackers to impersonate executives at a major Chinese firm.

If they are correct, the lead suspects would be hackers in Russia and North Korea, both of which have also been accused by the United States of conducting attacks to steal information about the process of manufacturing and distributing vaccines. Sometimes it is hard to tell the difference between official hacking operations for the Russian or North Korean governments and those run for private gain.

The motive is also unclear. The attackers may simply be looking to steal technology to move large amounts of vaccine across long distances at extraordinarily low temperatures, which would constitute a classic form of intellectual property theft.

But some cybersecurity experts say they suspect something more nefarious: efforts to interfere with the distribution, or ransomware, in which the vaccines would be essentially held hostage by hackers who have gotten into the system that runs the distribution network and locked it up -- and who demand a large payment to unlock it.

Information for this article was contributed by David E. Sanger and Sharon LaFraniere of The New York Times; and by Frank Bajak and Lori Hinnant of The Associated Press.