Cyber Incident Victim: Hapag-Lloyd
Date: Mar 2022
Location: Germany
Summary
Hapag-Lloyd experienced a spear phishing attack involving a fraudulent replica of its website designed to harvest user login credentials. The company's security team identified the fake site, though its creation timeline remained unclear, and advised customers to manually verify URLs, avoid clicking email links, and reset passwords as a precaution. While the incident's potential connection to geopolitical tensions, such as the Russia-Ukraine conflict, was noted as a broader industry concern, no direct link was confirmed. The attack exemplified a trend of low-sophistication methods being used to mask disruptive objectives, with the primary impact being unauthorized data collection targeting user accounts.
Description
On or around March 6, 2022, Hapag-Lloyd identified a spear phishing attack involving a fraudulent replica of its official website designed to harvest user credentials. The attackers uploaded this counterfeit site and directed users to log in through deceptive communications, enabling unauthorized data collection. The company’s security team discovered the fake website on March 6, though the exact creation date remained undetermined. Hapag-Lloyd promptly issued advisories instructing customers to manually enter the company’s official URL instead of clicking email links and to scrutinize email links for authenticity before submitting personal access credentials. Affected users were urged to change their passwords immediately. The attack coincided with broader cybersecurity warnings about threat actors disguising disruptive operations, such as wiper-malware campaigns, as low-sophistication incidents.

The incident occurred amid heightened cyber-risk awareness linked to the Russia-Ukraine conflict, though no direct connection to geopolitical events was confirmed. Hapag-Lloyd had recently suspended services to Russia and closed its Ukrainian offices, which had been operational since mid-2021, as part of industry-wide sanctions compliance. Cybersecurity consultancy CyberCX had previously cautioned organizations about targeted attacks masquerading as rudimentary threats, noting that some campaigns aimed to destroy data rather than extract ransoms. Hapag-Lloyd’s response emphasized procedural safeguards, recommending that customers use their organization’s phishing mail analyzer, if available, and report suspicious emails. The company did not disclose the scale of compromised accounts or specific operational disruptions resulting from the attack. Its communications focused exclusively on credential security and verification protocols to prevent further unauthorized access.
