IBM unveils email phishing attack on COVID-19 vaccine supply chain

Cybersecurity analysts at IBM have reportedly uncovered an extensive email phishing scheme that targets the global supply chains set up for the SARS-CoV-2 vaccine. The organization has strongly urged that cold-chain companies should stay on high alert and be ready to deal with the possibility of occurrence of any such instance.

According to IBM researchers, Melissa Frydrych and Claire Zaboeva, this scheme might be intending to obtain credentials for acquiring unauthorized access in future. The duo has further claimed that the attacker could sneak into the internal communications, plans, processes, and methodologies of distributing COVID-19 vaccine through this phishing strategy.

Some vaccines, such as those from companies comprising Moderna and Pfizer, need low storage temperatures, utilizing special equipment procured from cold-chain companies. It is expected that the U.S. FDA will allow companies, that have applied for emergency authorization in the United States, to commence the distribution of their vaccines through the forthcoming weeks.

Apparently, while investigating into the phishing scheme, the IBM taskforce found counterfeit emails impersonating a Chinese Business Executive from a credible cold-chain supply organization. The emails were found to be sent in September, targeting different organizations in the Czech Republic, Italy, Taiwan, Germany, greater Europe, and South Korea.

Further, it has also been observed that the targeted businesses are associated with The Vaccine Alliance, Gavi, who are working towards the supply of affordable COVID-19 vaccines to low- and middle-income economies. Supported by the Bill and Melinda Gates Foundation, the alliance operates an initiative for the reinforcement of immunization supply chains with UNICEF for ensuring equitable drug distribution.

Back in April, the World Health Organization had witnessed a dramatic surge in the number of cyberattacks aimed at the United Nations health agency. On April 23, WHO had reported an online leak of almost 450 active WHO email addresses and passwords along with thousands of others belonging to those working on COVID-19 response.

Source credit:

Having completed her Post Graduate degree in Digital Marketing, Shreshtha always nurtured an innate passion for writing. She works as a content writer at and pens down news articles spanning numerous verticals. Her other interests include reading and travelling.