The campaign was a sign that digital spies are turning their attention to the complex logistical work involved in inoculating the world's population against the novel coronavirus, although some outside experts questioned whether that was the hackers' focus, said IBM.

IBM in a blog post here said it had uncovered "a global phishing campaign" focused on organizations associated with the COVID-19 vaccine "cold chain" - the process needed to keep vaccine doses at extremely cold temperatures as they travel from manufacturers to people's arms.

The U.S. Cybersecurity and Infrastructure Security Agency reposted the report, warning members of Operation Warp Speed - the U.S. government's national vaccine mission - to be on the lookout.

Other cybsecurity experts expressed some skepticism, however, of IBM's findings.

Joe Slowik, a researcher at online threat intelligence firm DomainTools, said he believed IBM had stumbled upon "a subset of activity" that was part of a much wider campaign "which may not be focused on vaccines or similar activity."

While "definitely malicious," Slowik said he was not convinced it was specifically focused on vaccine distribution.

Who is behind the espionage is not clear. Messages sent to the email addresses used by the hackers were not returned.

IBM's cybersecurity unit had detected an advanced group of hackers working to gather information about different aspects of the cold chain, using meticulously crafted booby-trapped emails sent in the name of an executive with Haier Biomedical, a Chinese cold chain provider that specializes in vaccine transport and biological sample storage.

The companies involved in the manufacture of solar panels, which are used to power vaccine refrigerators in warm countries, and petrochemical products that could be used to derive dry ice, were targeted.

According to IBM analyst Claire Zaboeva, who helped draft the report, The hackers went through an exceptional amount of effort. Hackers researched the correct make, model, and pricing of various Haier refrigeration units, Zaboeva said.

"Whoever put together this campaign was intimately aware of whatever products were involved in the supply chain to deliver a vaccine for a global pandemic," she said.

The only organization identified by name in IBM's report - the European Commission's Directorate-General for Taxation and Customs Union - said in a statement that it was aware that it had been targeted in the hacking campaign.

"We have taken the necessary steps to mitigate the attack and are closely following and analysing the situation," the statement said.

A news agency had previously documented how hackers linked to Iran, Vietnam, North Korea, South Korea, China, and Russia have on separate occasions been accused by cybersecurity experts or government officials of trying to steal information about the virus and its potential treatments. Cybercriminals have also been active against health care providers such as hospitals during the pandemic.

IBM's Zaboeva said there was no shortage of potential suspects. Figuring out how to swiftly distribute an economy-saving vaccine "should be topping the lists of nation states across the world," she said.