On March 30, as reported coronavirus cases continued to climb in Germany, the country’s government tasked nine multinational companies, including pharmaceutical giant Bayer and automaker Volkswagen, with procuring personal protective equipment to make up for a lack of gear.
The same day, unidentified hackers began an intensive phishing campaign to infiltrate at least one of those nine firms, according to research published Monday by IBM. The findings show how multiple aspects of societies’ response to the coronavirus — from testing facilities to vaccine research to PPE procurement — have been targeted by hackers of various stripes.
The phishing attempts against the unnamed German company, which are ongoing, have extended to more than 100 senior management and procurement executives at the company and its suppliers in multiple sectors, according to IBM. It is unclear if the hacking has been successful, or who is responsible (IBM researchers weren’t sure).
What is clear is that the hackers knew which senior corporate executives they wanted to compromise as soon as the German PPE task force was announced.
“These phishing emails weren’t headed for the HR department,” Nick Rossman, lead of research and operations at IBM X-Force IRIS, told CyberScoop. “They were targeting high-ranking executives…in companies that, together, form an essential supply chain to respond to the coronavirus crisis.”
The phishing links were designed to direct executives to fake Microsoft login pages to steal their credentials and send them to accounts hosted on Yandex, a Russian email service. If successful, that data could be used to gather valuable information on the company’s procurement of PPE, which governments have fought over as the virus has raged.
Researchers declined to name the company targeted. In addition to Bayer and Volkswagen, the German government-backed task force to procure PPE includes the airline Lufthansa, chemical company BASF, and shipping company DHL. Each of those companies has big supply chains and logistics operations that can be used to scour the world for masks and gloves.
“Given the extensive targeting observed of this supply chain, it’s likely that additional members of the task force could be targets of interest in this malicious campaign, requiring increased vigilance,” Rossman and his colleagues wrote in a blog.
IBM said it reported its findings to the targeted company and to the German government’s Computer Emergency Response Team. The latter did not respond to a request for comment.
The hackers, meanwhile, aren’t letting up.
“As recent as last week, we saw the targeting of a high-ranking executive of a European bio-pharmaceutical company — a company that is likely associated [with] the supply chain of a task force member,” Rossman said.