Wapack Labs reports weekly on our "Top 5" collections of indicators of compromise. For the past 6 months, analysts have noticed a specific company routinely appearing in our Top 5 victim domains collections. A large German pharmaceutical raw materials supplier has been routinely targeted with malicious emails. Although the emails involve multiple malware signatures, senders, and recipients, there are many commonalities in the data collected and analyzed by Wapack Labs.
The company, identified as FFC for privacy, was founded over 30 years ago as a producer of various organic chemicals in cooperation with sub-contractors and laboratories. FFC clients are in the pharmaceutical, biotech, cosmetic, veterinary, human/animal supplement and nutraceutical industries. Priorities for the company include contributions to climate change issues. In the early 2000s, the company even installed solar power at one of its largest facilities.
In 2013, they began partnering with a raw materials distributor in the same country, which took over the exclusive distribution of cosmetic substances in North, Central, and South America. After much success in the industry, FFC was able to increase their workforce by 35% in the past decade and expand their facilities for more scientific equipment. As they are listed as a data controller and not a data processor, they have specific requirements defined by legal regulations.
We have malicious traffic recorded as far back as January 2016, and we continue to see malicious emails targeting not only FFC, but also some of their foreign agents around the globe.
Link to the full report: IR-19-261-001 Generic_Pharma.pdf