The cybersecurity researchers said they could not identify who was behind the campaign, but the precision and skills "hold the potential hallmarks of nation-state tradecraft."
The IBM team said that the operation started in September 2020, and targeted organizations that were likely associated with Gavi, The Vaccine Alliance's Cold Chain Equipment Optimization Platform (CCEOP) program, which is spearheading efforts to distribute a coronavirus vaccine to developing nations.
The researchers shared some details from the elaborate cyber scheme, saying the phishing emails impersonated an executive from Haier Biomedical, a legitimate member company of the COVID-19 vaccine supply chain and supplier for Gavi's CCEOP program.
Disguised as an employee for the major "cold chain" provider (a part of the vaccine supply chain that ensures temperature-controlled preservation of the vaccine during storage and transportation), the adversary sent phishing emails to organizations that are believed to be providers of material support to meet transportation and other needs within the vaccine supply cold chain.
"We assess that the purpose of this COVID-19 phishing campaign may have been to harvest credentials, possibly to gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution," the IBM security researchers wrote.
The targets of the scheme included the European Commission’s Directorate-General for Taxation and Customs Union, as well as other organizations with headquarters in Germany, Italy, South Korea, the Czech Republic and Taiwan.
The emails were sent to business executives who were likely involved in efforts to support a vaccine cold chain, IBM said.
The cybersecurity experts urged companies in all parts of the COVID-19 vaccine supply chain to be extra vigilant and "remain on high alert during this time."
While the attribution remains unknown, IBM's researchers reiterated that the precision targeting and other factors "potentially point to nation-state activity."
"Without a clear path to a cash-out, cyber criminals are unlikely to devote the time and resources required to execute such a calculated operation with so many interlinked and globally distributed targets," the researchers wrote. "Likewise, insight into the transport of a vaccine may present a hot black-market commodity, however, advanced insight into the purchase and movement of a vaccine that can impact life and the global economy is likely a high-value and high-priority nation-state target."
The cyber scheme and new warning come as the world anxiously awaits widespread distribution of a vaccine that can potentially end the global pandemic. The logistics of distributing the Pfizer vaccine also present new hurdles, as it must be stored in ultra-low-temperature freezers.
The U.K. became the first nation to authorize a COVID-19 vaccine on Wednesday, and the U.S. said authorizations could come later this month.
Meanwhile, as nations scramble for a vaccine, the virus continues to rage. On Wednesday, the U.S. virus death toll topped 2,804 in a single day for the first time.