True North Networks Blog
[HEADS UP] Recent Phishing Attack in Germany Hits Coronavirus Task Force
An ongoing phishing attack has been targeting executives of a company working to provide the German coronavirus task force with protective gear. The company is multinational and more than 100 high-profile executives have received phishing emails. The name of the company is unknown at this time, however, sources have revealed that it is part of a task force created in late March by the German government to procure PPE for healthcare workers.
The task force consists of nine major companies, including Volkswagen, Bayer, Lufthansa, BASF, and DHL. Researchers have reported that the phishing attack seemingly targets multiple firms and third-party supply chain partners associated with the task force. How many of the phishing attempts were successful is unclear, but the attacks have been occurring since March 30.
Researchers who discovered the phishing attack believe its perpetrators may be targeting multiple firms, and third-party supply chain partners, associated with the task force.
The emails contained URLs that redirect the email recipients to a fake, attacker-controlled Microsoft login page that’s designed to steal user credentials. Once passwords have been inputted, they are then exfiltrated to several different email accounts hosted on Russian email service Yandex.
While it is unclear how many of the phishing attacks were successful, the attack could open the door to credential harvesting, which could allow threat actors to access victims’ email accounts. From there, they could collect or exfiltrate data of interest, or move laterally through the network for other malicious purposes, researchers said.