Hackers are exploiting coronavirus fears for cyber spying
State-sponsored hackers and criminals in China and around the world are using the ongoing coronavirus outbreak to hack and spy on their victims. These attacks are not limited to state-sponsored hacking. Hacking groups associated with the Chinese, Russian and other governments have recently been using the coronavirus pandemic to hack their victims with malicious email attachments embedded with a payload.
Two hacking groups aligned with the Chinese government targeted Vietnam, the Philippines, Taiwan, and Mongolia, the cybersecurity firms FireEye and Check Point reported today. The hackers are sending email attachments with genuine health information about coronavirus but laced with malware such as Sogu and Cobalt Strike, according to Ben Read, a senior intelligence analyst at FireEye.
A Russian hacking group known as TEMP.Armageddon recently targeted Ukrainian targets. TEMP.Armageddon's method was to craft malicious phishing emails that trick users into clicking a link, causing the victim's device to become hooked.
Experts at FireEye suspect that the attacks against a recent South Korean target were carried out by North Korean hackers. China and South Korea have both had a high number of coronavirus (COVID-19) cases.
The phishing email in question was written in Korean and was titled “Coronavirus Correspondence.”
“You expect to get information from government sources, so it’s most likely that you will open and execute documents to see what it says,” said Lotem Finkelstein, head of threat intelligence at Check Point. “It makes it very useful to trigger an attack. The coronavirus outbreak serves threat actors very well, especially those that rely on phishing attacks to ignite attacks.”
Hacking of this nature is not limited to state-sponsored groups; cyber criminals from around the world are taking advantage of the current coronavirus pandemic. Hackers in the past have also exploited the panic surrounding viruses like Ebola, Zika and SARS for financial gain.
Hackers are using the coronavirus topic to craft phishing emails that play on the panic and anxiety surrounding the outbreak, and attackers have been increasing their attack rate from January 2020 onwards.
FireEye said: “We expect continued use of coronavirus-themed lures by both opportunistic and targeted financially motivated attackers due to the global relevance of the theme.”
The phishing emails in question can infect anyone who clicks on the attackers' lure link. This type of attack is very common and is often very successful at tricking its victims, as it is designed to make users believe the content they are reading is genuine. Hackers exploiting the coronavirus topic are targeting businesses and individuals while pretending to be from organizations such as the Centers for Disease Control (CDC) and the World Health Organization.
The phishing emails in question promise to cure coronavirus or offer medical equipment and support. These emails are crafted to deliver a virus, malware, keyloggers or other malicious payloads to the victim’s device in the hope of harvesting targets' credentials for financial gain. I don’t think hackers are going to stop using these types of tactics any time soon.