Both the IBM researchers and the department’s Cybersecurity and Infrastructure Security Agency said the attacks appear intended to steal the network credentials of corporate executives and officials at global organizations involved in the refrigeration process necessary to protect vaccine doses, or what the industry calls the cold chain. [snip]

The cyberattackers “were working to get access to how the vaccine is shipped, stored, kept cold and delivered,” said Nick Rossmann, who heads IBM’s global threat intelligence team. “We think whoever is behind this wanted to be able to understand the entire cold chain process.” [snip]

Researchers for IBM Security X-Force, the company’s cybersecurity arm, said they believed that the attacks were sophisticated enough that they pointed to a government-sponsored initiative, not a rogue criminal operation aimed purely at monetary gain. But they could not identify which country might be behind them. [snip]

If they are correct, the lead suspects would be hackers in Russia and North Korea, both of which have also been accused by the United States of conducting attacks to steal information about the process of manufacturing and distributing vaccines. Sometimes it is hard to tell the difference between official hacking operations for the Russian or North Korean governments and those run for private gain. [snip]

But some cybersecurity experts say they suspect something more nefarious: efforts to interfere with the distribution, or ransomware, in which the vaccines would be essentially held hostage by hackers who have gotten into the system that runs the distribution network and locked it up — and who demand a large payment to unlock it.