Supply Chain Council of European Union | Scceu.org

Hackers are attacking the German PPE supply chain

Hackers are attacking high-ranking executives of a German multinational corporation that is part of a government-private sector task force focused on personal protective equipment (PPE) procurement.

The attackers behind this pandemic-related spear-phishing campaign have already attempted to steal the user credentials of over 100 senior executives, as security researchers at IBM X-Force Incident Response and Intelligence Services (IRIS) said in a report published today.

This task force’s members have been commissioned by the German government to leverage their expertise and contacts in foreign markets to secure PPE like medical gear and face masks, “particularly from China-based supply and purchasing chains,” IBM found.

Targeted attacks against PPE procurement supply chain

Attacks started on March 30, right after meetings between the German government and large German companies asked to support the efforts of the German Ministries of Health, of Finance, and the Federal Foreign Office to purchase PPE.

On the same day, execs at one of these nine corporations (logistics company FIEGE, German railway company Deutsche Bahn, BASF, Bayer, Daimler, DHL, Lufthansa, Otto, and Volkswagen) were targeted with phishing messages originating from a Russian IP address.

Roughly half of the attacked email accounts “belong to executives associated with operations, finance, and procurement within the targeted corporation,” while the other half “belong to executives at third-party partners, including European and American companies associated with chemical manufacturing, aviation and transport, medical and pharmaceutical manufacturing, finance, oil and gas, and communications.”

The researchers also point out that the attacks are ongoing, with other high-ranking execs taking part in this effort potentially becoming future targets.

“Given the extensive targeting observed of this supply chain, it’s likely that additional members of the task force could be targets of interest in this malicious campaign, requiring increased vigilance,” the report reads.

Ongoing credential harvesting campaign

The threat actor is using embedded hyperlinks that redirect the potential victims to phishing landing pages camouflaged as Microsoft login forms, which harvest the credentials and send them to several Yandex email accounts.

While the number of targets that had their accounts compromised is not known at the moment, in cases where it happened, the hackers could take control of the victims' accounts, allowing them to steal sensitive information as well as further compromise other targets within the network.

“This discovery represents a precision-targeting campaign exploiting the race to secure essential PPE,” IBM explains.

“Based on our analysis, attackers likely intended to compromise a single international company’s global procurement operations, along with their partner environments devoted to a new government-led purchasing and logistics structure.

“Given the extensive targeting observed of this supply chain, it’s likely that additional members of the task force could be targets of interest in this malicious campaign, requiring increased vigilance.”
