IBM has identified phishing emails sent out across six countries that targeted organizations linked to the Cold Chain Equipment Optimization Platform (CCEOP) of Gavi, the international vaccine alliance. Gavi’s partners include the World Health Organization, UNICEF, the World Bank and the Bill & Melinda Gates Foundation. They help distribute vaccines around the world to some of the poorest regions.

The attackers impersonated a business executive from a legitimate Chinese company involved in CCEOP’s cold chain supply network, making it more likely that targets would engage with the email. They then sent phishing emails containing malicious code to organizations that provided transportation; the emails asked recipients for their login credentials. Harvested credentials could have allowed the attackers to map the infrastructure that governments intended to use to distribute vaccines.

Advance insight into the purchase and movement of a vaccine that can impact life and the global economy is likely a high-value and high-priority nation-state target. The precision of the targeting and the nature of the specific organizations targeted potentially point to nation-state activity.

IBM has notified those targeted and law-enforcement authorities.

What to do?

So far, the activity has been about intelligence gathering and intellectual property theft.

Ensure your antivirus and firewall software is up to date and being monitored on a routine basis.

What can you do when this happens to you?

If you think your network security has been breached, isolate the network and identify any malware, viruses or data exfiltration. Mitigate the breach and notify affected users and organizations. Reinstate the network from a known “clean” backup.