Threat actors are actively targeting organizations associated with the COVID-19 vaccine cold chain. The experts uncovered a large scale spear-phishing campaign that has been ongoing since September 2020. Threat actors are impersonating a biomedical company, Haier Biomedical, and are sending out spear-phishing messages to executives and global organizations involved in vaccine storage and transport. Haier Biomedical is a legitimate member company of the COVID-19 vaccine supply chain, it is also a qualified supplier for the CCEOP program.
Spear-phishing emails were sent to select executives in sales, procurement, information technology and finance positions, likely involved in company efforts to support a vaccine cold chain.
The phishing campaign hit global organizations with headquarters in Germany, Italy, South Korea, Czech Republic, greater Europe, and Taiwan. The attackers aim at harvesting account credentials to use in further attacks against the same organizations.