Emotet malware attack at the Max Planck Institute for Plasma Physics

The Max Planck Institute for Plasma Physics (IPP) was the victim of a cyberattack via the destructive malware EMOTET on 12 June 2022

July 11, 2022

The malware was distributed via a spam email campaign. EMOTET can read out contact relationships and email content from the mailboxes of infected systems. The perpetrators use this information to further spread the malware. Recipients then receive emails that appear to have been sent by people with whom they have only recently been in contact, but are fake. The emails often hijack conversation threads from legitimate emails, making the messages look as if they are a reply to previously sent messages. Due to the correct specification of the names and email addresses of the sender and recipient in the header, salutation, and signature, these emails appear legitimate and users might therefore be tempted to open the malicious file attachment or the URL contained in the message.

The Max Planck Institute immediately took protective measures and disconnected the institute's Garching site from the Internet. A system clean-up and additional system protection were carried out. Furthermore, all user passwords will be changed and the introduction of comprehensive multi-factor authentication was started.

Internet users who were in e-mail contact with the Max Planck Institute for Plasma Physics should be aware that they could also be attacked. This is how to best protect yourself from the malware as potential recipient and what you should look out for:


  • Install timely security updates for operating systems and application programmes (web browsers, email clients, office applications, etc.).
  •  Use anti-virus software and update it regularly.
  • Back up your data on a regular basis (backups).
  • Only use a user account without administrator rights for e-mail and Internet.
  • Download programmes only from original sources, apps only from official app stores.
  • Run a scan with anti-virus software before installation.
  • Open attachments and follow links only if they come from a trustworthy source.
  • Treat file attachments of e-mails (''Office'' documents in particular) with caution and check links contained in the messages before clicking on them even if they appear to come from known senders. If in doubt, call the sender of a suspicious e-mail and inquire about the credibility of the content.

Further information can be found on the website of the Federal Office for Information Security and the Federal Criminal Police Office (in German).

Go to Editor View