Targeting of Entities Involved with COVID-19 Vaccines

Summary

In addition to distributing COVID-19 vaccine-themed phishing emails to private citizens, threat actors are also targeting various entities involved in the creation, approval, and distribution of COVID-19 vaccines. A global phishing campaign targeted organizations involved with the COVID-19 cold chain – a part of the supply chain responsible for ensuring the vaccine is in a temperature-controlled environment during storage and transport. In addition, the European Medicines Agency, which is in charge of approving COVID-19 vaccines, disclosed this week that they were the victim of a cyberattack. Documents related to the Pfizer/BioNTech COVID-19 vaccine were accessed during the network compromise.

Recommendations

The NJCCIC recommends entities involved in the various components of COVID-19 vaccine development, approval, storage, and distribution remain vigilant, exercise caution with emails, and establish a defense-in-depth cybersecurity strategy. As vaccine distribution is expected in the coming weeks, users are also advised to exercise caution with emails, social media posts, and websites claiming to be related to the COVID-19 vaccine, and only visit official government and healthcare websites for information regarding vaccines.