German phishing scheme preyed on high-level execs needing PPE

One hundred German companies in need of personal protective equipment (PPE) such as facemasks and medical gear were targeted in a COVID-19 phishing scheme designed to steal and exfiltrate user credentials.

IBM X-Force IRIS discovered unknown hackers erected a fake Microsoft login page connected to different Yandex email accounts, although it was unknown how many of the attacks succeeded, according to Security Intelligence, which closely tracked 40 of the impacted firms and first reported the attacks.

A German government task force brought the commerce leaders together in late March when the global supply chain scrambled to locate and buy available PPE as the pandemic rapidly taxed hospitals and healthcare providers to their breaking point while dealing with unprecedented loss of life from the new disease.

Among the task force participants included BASF, Volkswagen, Lufthansa, Otto and logistics company Fieg. Germany’s Ministry of Health, the Ministry of Finance and the Federal Foreign Office brought the firms together to help the country better control the health crisis because of the private sector’s expertise in sourcing goods from China and the public sector’s reportedly initial slow response in realizing the gravity of the situation. German Chancellor Angela Merkel participated in the meeting. IBM X-Force detailed in a March 3 blog post likely phishing attack trends, similar to what now transpired in Germany.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.