
Phishers Impersonate Maersk to Exploit Global Supply Chain Chaos

Natalie Petitto

May 18, 2022


Between January 2022 and May 2022, several waves of phishing emails impersonating Maersk targeted more than 18,000, 13,000, and 5,000 recipients, respectively, exploiting the global supply chain crisis affecting millions of businesses around the world.

Users in New Zealand have been targeted with Maersk phishing emails whose subject line reads “Maersk Original Shipping Document” followed by the recipient’s email address. The From address is displayed as service@maersk.com, which mimics a legitimate Maersk email address.

The phishing page features a login form titled “Shipping Docs Portal” and requires the user’s email address and password to log in to the fake portal.

The most recent Maersk phishing URLs detected by Vade were hosted on katsugy.com, hire-a-writer.com, igo-sas.com, fastcloud.com, and hub4biz.com.

Maersk phishing URLs, IsItPhishing.AI

Maersk phishing campaigns have been active since 2018, but this most recent campaign spiked in March and April 2022. Previous research suggests a link between the 2018 Maersk campaign and the ‘MartyMcFly’ investigation into attacks targeting the Italian naval industry. Like the previous campaign, the current campaign is using compromised websites to host phishing kits and potentially malware.
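The traits described above (the subject lure followed by the recipient's address, a From address on maersk.com, and a login page hosted on an unrelated site) can be checked during mail triage. The following is an added example, not Vade's detection logic; the function names, trait labels and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

BRAND_DOMAIN = "maersk.com"                         # brand named on the page
SUBJECT_LURE = "maersk original shipping document"  # subject line from the page
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_brand_host(host):
    """True only for the brand domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def campaign_traits(raw):
    """Return the traits of the described campaign found in one raw message."""
    msg = message_from_string(raw)
    traits = []
    subject = (msg.get("Subject") or "").lower()
    recipients = [a.lower() for _, a in getaddresses(msg.get_all("To", [])) if a]
    if SUBJECT_LURE in subject:
        traits.append("subject_lure")
        if any(r in subject for r in recipients):
            traits.append("recipient_in_subject")
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    body = ""
    for part in msg.walk():                          # handles multipart mail too
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", "replace")
    hosts = {urlparse(u).hostname or "" for u in URL_RE.findall(body)}
    # From claims the brand, yet a link leaves the brand's own domain
    if is_brand_host(from_domain) and any(not is_brand_host(h) for h in hosts):
        traits.append("off_brand_link")
    return traits

def sample(subject, link):
    """Build a constructed test message (not captured from the campaign)."""
    return ("From: Maersk <service@maersk.com>\nTo: user@example.co.nz\n"
            f"Subject: {subject}\n\nSee {link}\n")

PHISH = sample("Maersk Original Shipping Document user@example.co.nz",
               "https://compromised-site.example/portal/login")
BENIGN = sample("Booking confirmation", "https://www.maersk.com/tracking")

if __name__ == "__main__":
    print(campaign_traits(PHISH))
    print(campaign_traits(BENIGN))
```

A match is a triage signal rather than a verdict: legitimate mail can link to third-party hosts, so combine it with SPF, DKIM and DMARC results before acting.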

New Zealand has been hit hard by the supply chain crisis, with products sitting in warehouses and no ships to transport them. New Zealand’s size and geographical location make it particularly vulnerable, with shipping companies prioritizing business with larger and more accessible countries. This makes anxious New Zealand businesses optimal targets for phishing attacks.

As for Maersk, enduring supply chain issues from the COVID-19 pandemic, exacerbated by the war in Ukraine, make it an ever-attractive brand for phishers and other hackers to exploit.

Maersk recently withdrew operations from Russia due to Russia’s ongoing war in Ukraine, leaving 20,000 shipping containers stranded in Russian ports. Maersk is currently looking for buyers for its 30.75 percent share in Global Ports Investments, the operator of its Russian cargo operations. Maersk reported $717 million in losses in Q1 2022 as a result of pulling out of Russia.

The supply chain comes into focus for phishers

Complicating the already volatile global shipping crisis, new COVID-19 lockdowns in China are adding strain to global shipping bottlenecks and bringing shipping giants into focus for hackers.

The war in Ukraine brings with it challenges to the global food supply chain, Ukraine being a major global supplier of both wheat and sunflower oil. Hackers are not only impersonating the shipping companies but also directly targeting farming and agricultural companies.

In April 2022, the FBI warned food and agriculture sector partners about the potential increase of cyberattacks during planting and harvest seasons. In the same month, Vade observed a 23 percent increase in phishing emails globally.

The FBI’s warning came after six grain operatives were targeted by ransomware in Fall 2021. In early May 2022, agricultural equipment company AGCO was hit with ransomware, potentially impacting the global supply of agricultural equipment production. AGCO products are sold in North America, South America, Europe, the Middle East, Asia-Pacific, and Africa.

With inflation at record levels and fears of further disruptions to the supply chain, phishers will have an ample supply of businesses to impersonate and users to exploit.

To learn more about how brand impersonation puts your users at risk, read our latest eBook “Phishers’ Favorites 2021 Year-in-Review.”