Hackers target senior executives at German company procuring PPE

The hackers knew which executives they wanted to compromise soon after the German PPE task force was announced.
N95 air filter mask, personal protective equipment (PPE)
(Getty Images)

On March 30, as reported coronavirus cases continued to climb in Germany, the country’s government tasked nine multinational companies, including pharmaceutical giant Bayer and automaker Volkswagen, with procuring personal protective equipment to make up for a lack of gear.

The same day, unidentified hackers began an intensive phishing campaign to infiltrate at least one of those nine firms, according to research published Monday by IBM. The findings show how multiple aspects of societies’ response to the coronavirus — from testing facilities to vaccine research to PPE procurement — have been targeted by hackers of various stripes.

The phishing attempts against the unnamed German company, which are ongoing, have extended to more than 100 senior management and procurement executives at the company and its suppliers in multiple sectors, according to IBM. It is unclear if the hacking has been successful, or who is responsible (IBM researchers weren’t sure).

What is clear is that the hackers knew which senior corporate executives they wanted to compromise as soon as the German PPE task force was announced.


“These phishing emails weren’t headed for the HR department,” Nick Rossman, lead of research and operations at IBM X-Force IRIS, told CyberScoop. “They were targeting high-ranking executives…in companies that, together, form an essential supply chain to respond to the coronavirus crisis.”

The phishing links were designed to direct executives to fake Microsoft login pages to steal their credentials and send them to accounts hosted on Yandex, a Russian email service. If successful, that data could be used to gather valuable information on the company’s procurement of PPE, which governments have fought over as the virus has raged.

Researchers declined to name the company targeted. In addition to Bayer and Volkswagen, the German government-backed task force to procure PPE includes the airline Lufthansa, chemical company BASF, and shipping company DHL. Each of those companies has big supply chains and logistics operations that can be used to scour the world for masks and gloves.

“Given the extensive targeting observed of this supply chain, it’s likely that additional members of the task force could be targets of interest in this malicious campaign, requiring increased vigilance,” Rossman and his colleagues wrote in a blog.

IBM said it reported its findings to the targeted company and to the German government’s Computer Emergency Response Team. The latter did not respond to a request for comment.


The hackers, meanwhile, aren’t letting up.

“As recent as last week, we saw the targeting of a high-ranking executive of a European bio-pharmaceutical company — a company that is likely associated [with] the supply chain of a task force member,” Rossman said.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts