Researchers have warned about an ongoing COVID-19-related phishing campaign that targets a German multinational corporation (MNC) which is part of a German government-private sector task force to procure personal protective equipment (PPE) for healthcare workers, such as face masks and medical gear.
The task force comprised of nine companies, including car manufacturer Volkswagen, pharmaceutical company Bayer, airline Lufthansa, chemical firm BASF and shipping company DHL, who are using their international contacts in foreign markets to procure PPE for Germany.
According to a recent report from the IBM X-Force Incident Response and Intelligence Services (IRIS) team, the hackers targeted more than 100 high-profile executives at a German multinational corporation. Overall, the researchers observed approximately 40 organizations being targeted in this campaign.
The IRIS team believes that the goal of the attackers was to compromise “a single international company’s global procurement operations, along with their partner environments devoted to a new government-led purchasing and logistics structure.”
The attacks against the MNC began on March 30, 2020, the same day when German officials held talks with the members of the task force. The activity was traced back to an IP address in Russia (178[.]159[.]36[.]183), which researchers linked to more than 280 URLs that redirect to fake Microsoft login pages designed to steal users’ credentials. The gathered credentials are then sent to several email accounts hosted by the Russia-based company Yandex.
The researchers said it is unclear how many of these attacks were successful.
“Through credential harvesting, threat actors could gain access to the victims’ email accounts with the potential to collect or exfiltrate data of interest, and/or move laterally through the network to fulfill other actions on objectives,” the report reads.
“Given the worldwide spread of COVID-19 and fears of a pending second wave of infection, it is highly likely criminal and state-sponsored actors alike will seek to exploit global procurement and supply chains with the intention of either profiting from the crisis or supporting the acquisition activities of their host nation,” the research team pointed out.