Incident: Cyber-Espionage Targeting Covid Vaccine Supply Chain by Nation-State Hackers

Published Date: 2020-12-03

Postmortem Analysis
Timeline
1. The software failure incident targeting the Covid vaccine supply 'cold chain' happened in September 2020, as mentioned in Article [108576].

System
The software failure incident reported in Article 108576 involved a cyber-espionage campaign targeting the international vaccine supply chain's "cold chain" system. The specific systems that failed in this incident are:
1. Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, the international vaccine alliance [108576]
2. European Commission's Directorate General Taxation and Customs Union [108576]
3. Companies involved in manufacturing solar panels for vaccine cold storage [108576]
4. South Korean software-development company [108576]
5. German website-development company supporting clients associated with pharmaceutical manufacturers, container transport, biotechnology, and manufacturers of electrical components for communications [108576]

Responsible Organization
1. The hackers targeted the Covid vaccine supply 'cold chain'; the sophistication of their methods indicates nation-state involvement [108576].

Impacted Organization
1. Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, the international vaccine alliance [108576]
2. European Commission's Directorate General Taxation and Customs Union [108576]
3. Companies involved in manufacturing solar panels for vaccine cold storage [108576]
4. South Korean software-development company [108576]
5. German website-development company supporting clients associated with pharmaceutical manufacturers [108576]

Software Causes
1. Phishing emails containing malicious code were used to target organisations linked to the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, leading to potential data breaches and infrastructure compromise [108576].

Non-software Causes
1. The failure incident was caused by cyber-espionage targeting the international vaccine supply chain, specifically the "cold chain" used to keep vaccines at the right temperature during transportation [108576].
2. The attackers impersonated a business executive from a legitimate Chinese company involved in the supply cold chain to make it more likely that the targets would engage with the phishing emails [108576].
3. Phishing emails containing malicious code were sent to organisations involved in transportation, asking for people's log-in credentials, which could have allowed the attackers to understand the infrastructure governments intended to use to distribute vaccines [108576].
4. The attackers engaged in precision targeting of specific organisations involved in vaccine distribution, solar panel manufacturing, software development, and website development, indicating a high level of sophistication and intelligence gathering [108576].

Impacts
1. The software failure incident targeting the Covid vaccine supply 'cold chain' led to potential unauthorized access to sensitive information related to vaccine distribution infrastructure, which could impact the global economy and people's lives [108576].

Preventions
1. Implementing robust cybersecurity measures such as multi-factor authentication and regular security training to prevent falling victim to phishing attacks [108576].
2. Conducting thorough security assessments and audits of the systems and networks involved in vaccine distribution to identify and patch vulnerabilities that could be exploited by attackers [108576].
3. Enhancing collaboration and information sharing between organizations involved in vaccine distribution to collectively strengthen defenses against cyber-espionage campaigns [108576].

Fixes
1. Enhancing cybersecurity measures to prevent phishing attacks and unauthorized access to sensitive information [108576].
2. Implementing multi-factor authentication to protect login credentials from being compromised [108576].
3. Conducting regular security audits and assessments to identify vulnerabilities in the system [108576].
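The phishing pattern described in the causes above (a familiar executive's name on a message sent from a domain that contact never uses, a request for log-in credentials with a link to enter them, replies quietly redirected elsewhere, and active content carried as an attachment) is the kind of thing a mail gateway or SOC triage script can score before a user ever sees the message. The following is an added example written for this page, not code from the original report or from IBM; the contact allowlist, the domains, and both sample messages are constructed placeholders, and the scoring thresholds are an assumption.

```python
import re
from typing import Optional
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed allowlist of partner contacts and the domains they really send from.
# Placeholder names and domains only; not the organisations named in the article.
KNOWN_CONTACTS = {
    "jane doe": {"example-coldchain.com"},
}

# Phrases that ask the recipient to hand over log-in details.
CREDENTIAL_REQUEST = re.compile(
    r"\b(log-?in|password|credentials|sign in|verify your account)\b", re.IGNORECASE)
URL = re.compile(r"https?://\S+", re.IGNORECASE)
# Attachment types that can execute or render script when opened.
ACTIVE_CONTENT_SUFFIXES = (".html", ".htm", ".js", ".vbs", ".hta", ".lnk", ".iso", ".zip")


def _domain(address: str) -> str:
    """Lower-cased domain part of an address ('' if there is none)."""
    return address.rpartition("@")[2].lower()


def analyse_message(raw: bytes) -> dict:
    """Score one RFC 5322 message for executive-impersonation phishing indicators."""
    msg = message_from_bytes(raw, policy=policy.default)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain, reply_domain = _domain(from_addr), _domain(reply_addr)

    findings = []
    # A known contact's name on a message from a domain that contact never uses.
    expected = KNOWN_CONTACTS.get(" ".join(display_name.lower().split()))
    if expected is not None and from_domain not in expected:
        findings.append("display_name_impersonation")
    # Replies redirected to a different domain than the visible sender.
    if reply_domain and reply_domain != from_domain:
        findings.append("reply_to_domain_mismatch")
    # Credential lure: asks for log-in details and offers a link to enter them.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    if CREDENTIAL_REQUEST.search(text) and URL.search(text):
        findings.append("credential_request_with_link")
    # Attachments whose type can carry active content.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(ACTIVE_CONTENT_SUFFIXES):
            findings.append("active_content_attachment:" + name)

    # Assumed thresholds: two or more indicators hold the message, one sends it to review.
    verdict = "quarantine" if len(findings) >= 2 else "review" if findings else "allow"
    return {"from_domain": from_domain, "findings": findings, "verdict": verdict}


def build_sample(sender: str, reply_to: Optional[str], body: str,
                 attachment: Optional[str] = None) -> bytes:
    """Build a constructed test message; nothing here is captured from the real campaign."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "ops@example-transport.invalid"
    m["Subject"] = "Updated cold-chain shipping documents"
    if reply_to:
        m["Reply-To"] = reply_to
    m.set_content(body)
    if attachment:
        m.add_attachment("<html>constructed placeholder</html>", subtype="html",
                         filename=attachment)
    return m.as_bytes()


# Constructed sample: right name, wrong domain, redirected replies, credential lure, HTML attachment.
PHISHING_SAMPLE = build_sample(
    '"Jane Doe" <jane.doe@example-coldchain-logistics.net>',
    "docs@mail-example.invalid",
    "Please log-in at https://portal.example.invalid/verify\n"
    "to confirm your account and open the attached quotation.",
    attachment="quotation.html")

# Constructed sample: the same contact from the domain the allowlist expects, no lure.
LEGIT_SAMPLE = build_sample(
    '"Jane Doe" <jane.doe@example-coldchain.com>',
    None,
    "Attached is the temperature log for shipment 42.")

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, analyse_message(sample))
```

The display-name check is the piece that matters for the impersonation described above: it does not try to judge whether a domain "looks" suspicious, it only asks whether this name has ever legitimately arrived from that domain, which is a question a mail directory can answer. Scores like these are a triage signal for quarantine or analyst review, not a replacement for the multi-factor authentication the Preventions list calls for, since MFA limits the damage even when a lure is convincing enough to get credentials typed in.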
References
1. IBM [Article 108576]

Software Taxonomy of Faults

Category: Recurring
Option: multiple_organization
Rationale:
(a) The software failure incident having happened again at one_organization: The article does not mention any previous incidents of a similar nature happening within the same organization or with its products and services. Therefore, there is no information available to suggest that a similar incident has occurred before at the organization mentioned in the article [108576].
(b) The software failure incident having happened again at multiple_organization: The article mentions that the UK had previously warned about Russian intelligence targeting UK vaccine research, including at Oxford, and the US had warned about Chinese hacking targeting vaccine research. Additionally, Microsoft reported seeing North Korean and Russian hackers targeting vaccine research. This indicates that similar incidents of cyber-espionage targeting vaccine research have occurred at multiple organizations or countries [108576].

Category: Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident related to the design phase can be seen in the article where hackers targeted the Covid vaccine supply cold chain by sending phishing emails containing malicious code. The attackers impersonated a business executive from a legitimate Chinese company involved in the Cold Chain Equipment Optimisation Platform (CCEOP) to make it more likely for the targets to engage with the email. This indicates a failure due to contributing factors introduced by the system development and the procedures to operate the system [108576].
(b) The software failure incident related to the operation phase is evident in the article where phishing emails were sent to organisations involved in transportation, containing malicious code and asking for people's log-in credentials. If successful, this operation could have allowed the attackers to understand the infrastructure that governments intended to use to distribute vaccines. This failure is due to contributing factors introduced by the operation or misuse of the system [108576].

Category: Boundary (Internal/External)
Option: within_system
Rationale:
(a) within_system: The software failure incident reported in the article is primarily due to factors originating from within the system. The incident involved a cyber-espionage campaign targeting the international vaccine supply chain's "cold chain" used to keep vaccines at the right temperature during transportation [108576]. The attackers utilized phishing emails containing malicious code to target organizations linked to the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, a key player in vaccine distribution. This indicates that the failure was initiated and executed through actions taken within the system itself.

Category: Nature (Human/Non-human)
Option: non-human_actions
Rationale:
(a) The software failure incident occurring due to non-human actions: The software failure incident reported in the article is related to a cyber-espionage campaign targeting the international vaccine supply chain's "cold chain" used to keep vaccines at the right temperature during transportation. The attackers impersonated a business executive from a legitimate Chinese company involved in the Cold Chain Equipment Optimisation Platform (CCEOP) to send phishing emails containing malicious code to organisations linked to vaccine distribution. This incident was driven by non-human actions, specifically the use of phishing emails and malicious code to compromise the vaccine supply chain [108576].
(b) The software failure incident occurring due to human actions: The article does not specifically mention any software failure incident caused by contributing factors introduced by human actions. Therefore, information regarding a software failure incident resulting from human actions is unknown based on the provided article.

Category: Dimension (Hardware/Software)
Option: software
Rationale:
(a) The software failure incident occurring due to hardware: The software failure incident reported in the article is not directly attributed to hardware issues. Instead, it is related to cyber-espionage targeting the vaccine supply chain's "cold chain" used for transportation [108576].
(b) The software failure incident occurring due to software: The software failure incident reported in the article is a result of sophisticated cyber-espionage tactics involving phishing emails containing malicious code targeting organisations involved in the vaccine supply chain. This incident originated from software-related factors such as the use of phishing emails and malicious code to compromise systems [108576].

Category: Objective (Malicious/Non-malicious)
Option: malicious
Rationale:
(a) The software failure incident reported in the article is malicious in nature. Hackers targeted the Covid vaccine supply 'cold chain' through a cyber-espionage campaign aimed at the delivery system used to keep vaccines at the right temperature during transportation. The attackers impersonated a business executive from a legitimate Chinese company involved in the supply chain to send phishing emails containing malicious code to organisations involved in transportation, with the intent to gather intelligence on the infrastructure used to distribute vaccines [108576].

Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale:
The intent of the software failure incident reported in the article is related to (a) poor_decisions. The incident involved a cyber-espionage campaign targeting the international vaccine supply chain's "cold chain" used to keep vaccines at the right temperature during transportation. The attackers impersonated a business executive from a legitimate Chinese company involved in the supply cold chain to make it more likely for the targets to engage with the phishing emails containing malicious code. This indicates a deliberate and calculated effort by the attackers to exploit vulnerabilities in the system through deceptive means [108576].

Category: Capability (Incompetence/Accidental)
Option: accidental
Rationale:
(a) The software failure incident related to development incompetence is not explicitly mentioned in the provided article [108576].
(b) The software failure incident related to accidental factors is evident in the article as hackers targeted the Covid vaccine supply cold chain through a sophisticated cyber-espionage campaign. The attackers impersonated a business executive from a legitimate Chinese company involved in the supply cold chain to make it more likely for the targets to engage with the phishing emails containing malicious code. This accidental engagement with the malicious emails led to potential access to sensitive information about the vaccine distribution infrastructure [108576].

Category: Duration
Option: unknown
Rationale:
The articles do not provide information about the duration of the software failure incident related to the cyber-espionage targeting the Covid vaccine supply 'cold chain'. Therefore, it is unknown whether the software failure incident was permanent or temporary.

Category: Behaviour
Option: value, other
Rationale:
(a) crash: The software failure incident in the article is not described as a crash where the system loses state and does not perform any of its intended functions [108576].
(b) omission: The software failure incident does not involve the system omitting to perform its intended functions at an instance(s) [108576].
(c) timing: The software failure incident is not related to the system performing its intended functions correctly but too late or too early [108576].
(d) value: The software failure incident is related to the system performing its intended functions incorrectly, as the attackers sent phishing emails containing malicious code and asked for people's log-in credentials, potentially compromising the infrastructure intended for vaccine distribution [108576].
(e) byzantine: The software failure incident does not involve the system behaving erroneously with inconsistent responses and interactions [108576].
(f) other: The software failure incident involves the system being used in a sophisticated manner by attackers impersonating a legitimate Chinese company executive to target organisations involved in the vaccine supply chain, indicating a high level of precision targeting and potential nation-state activity [108576].

IoT System Layer

Layer          Option  Rationale
Perception     None    None
Communication  None    None
Application    None    None

Other Details

Category: Consequence
Option: property, delay, non-human, theoretical_consequence, other
Rationale:
(a) death: People lost their lives due to the software failure. No information in the provided article about people losing their lives due to the software failure incident [108576].
(b) harm: People were physically harmed due to the software failure. No information in the provided article about people being physically harmed due to the software failure incident [108576].
(c) basic: People's access to food or shelter was impacted because of the software failure. No information in the provided article about people's access to food or shelter being impacted due to the software failure incident [108576].
(d) property: People's material goods, money, or data was impacted due to the software failure. The software failure incident targeted the international vaccine supply chain, potentially impacting the distribution of vaccines and the infrastructure intended for vaccine distribution [108576].
(e) delay: People had to postpone an activity due to the software failure. The software failure incident involving phishing emails and malicious code could have impacted the infrastructure governments intended to use to distribute vaccines, potentially causing delays in vaccine distribution [108576].
(f) non-human: Non-human entities were impacted due to the software failure. The software failure incident targeted the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, which is involved in distributing vaccines around the world, impacting the efficiency of vaccine distribution [108576].
(g) no_consequence: There were no real observed consequences of the software failure. The software failure incident had real observed consequences related to potential impacts on vaccine distribution and infrastructure [108576].
(h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur. The article discusses the potential consequences of the cyber-espionage campaign targeting the vaccine supply chain, including the potential for advanced insight into vaccine distribution and the impact on life and the global economy [108576].
(i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? The software failure incident could have potentially led to unauthorized access to sensitive information and infrastructure related to vaccine distribution, posing risks to the security and integrity of the vaccine supply chain [108576].

Category: Domain
Option: health
Rationale:
(a) The failed system was intended to support the health industry. The incident involved a cyber-espionage campaign targeting the international vaccine supply chain, specifically the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, the international vaccine alliance, which distributes vaccines around the world to some of the poorest regions [108576].
