Corona-hackers targeted EU officials with bogus emails

Haier Biomedical is a Chinese firm that deals with refrigeration of vaccines in storage and transport.

The Cold Chain Equipment Optimisation Platform (CCEOP) is a UN-linked group in which private companies and public institutions work together to distribute drugs.

The fake executive, using the address yongbinxu@haierbiomedical.com, sent emails to people containing "malicious" links, which, when clicked, prompted the reader to disclose personal credentials.

Targets included EU officials in a commission department in Brussels dealing with customs and tax, who "could serve as a single point of compromise impacting multiple high-value targets across the 27 member states of the European Union and beyond," IBM said.

Targets also included staff in a German website-development company in the CCEOP, as well as other personnel in "sales, procurement, information technology, and finance positions" in "organisations within the energy, manufacturing, website creation, and software and internet security solutions" sectors in the Czech republic, Italy, and in what IBM called "greater Europe".

Organisations in South Korea and Taiwan also came under attack.

The idea was to use stolen information "to gain future unauthorised access to corporate networks and sensitive information relating to Covid-19 vaccine distribution," the US tech firm added.

IBM could not say who did it, but the signs "pointed to nation-state activity", it said.

The stolen data could also be "a hot black-market commodity", it added.

It was "unclear" if the attacks were successful, it noted.

But given that Haier Biomedical, the fake cover for the cyber-assaults, was so well-known in the vaccine-transport sector, it was probable "intended targets may engage with the inbound emails without questioning the sender's authenticity," IBM said.

The warning came as EU countries prepared to roll out massive corona-vaccination programmes in early 2021.

The EU has set aside €2 billion in its next budget to help defend commercial secrets in the single market from hackers, amid growing awareness of the threat.

EU institutions are frequently targeted by sophisticated villains.

"The majority of discovered, successful compromises of information in the GSC [general secretariat of the council] are from threat source level VERY HIGH (e.g. state-sponsored attacks)," according to an internal security document from the EU Council, which prepares member states' meetings in Brussels, seen by EUobserver.

'Scientific potential'

The EU, in July, stigmatised China, North Korea, and Russia as the world's worst culprits in its first-ever round of sanctions against cyber-crimes.

The UK, also in July, said Russian hackers had targeted Covid-19 researchers in Britain, Canada, and the US.

And China has been suspected of using more old-fashioned espionage to steal vaccine science in Belgium.

But speaking to EUobserver back in 2012, Alain Winants, the then head of the Belgian domestic intelligence service, the Dienst voor de Veiligheid van de Staat, said that, when it came to economic secrets, everybody was in on the act.

"It would be naive to think that only countries like Russia, China, Iran are spying [against the EU]," he said.

"There is one field where the difference between neutral, friendly, and unfriendly [intelligence] services tends to disappear and that's when you're talking about the protection of economic and scientific potential. In this case, I think every service is in competition with the others," Winants said.