Recently security experts reported many Coronavirus-themed attacks carried out by cybercrime gangs, but now experts are warning of similar attacks launched by
State-sponsored hackers from Russia, China, and North Korea never stop their activities and seems to be exploiting the interest in the Coronavirus (COVID-19) outbreak to spread malware.
Since the end of February, North Korea-linked hackers was observed launching Coronavirus-themed attacks against other states.
Experts from security firm IssueMakersLab uncovered a malware campaign launched by North Korean hackers that used documents detailing South Korea’s response to the COVID-19 epidemic as a
China-linked hackers are also attempting to exploit the interest in the Coronavirus outbreak as documented by Vietnamese cyber-security firm VinCSS.
Researchers uncovered attacks carried out by a China-linked APT group tracked as Mustang Panda that in the past targeted Mongolian-based MIAT Airlines, the non-profit China Center (China-Zentrum
According to VinCSS experts, the APT group employed spear-phishing messages using a RAR file attachment purporting including information about the Coronavirus outbreak from the Vietnamese Prime Minister.
“We recently recorded a malicious code (suspected from
Security experts from CheckPoint also tracked a Coronavirus-themed campaign attributed to a China-linked APT group tracked as Vicious Panda.
The state-sponsored hackers were targeting Mongolian government organizations with spear-phishing messages using documents claiming to contain information about the prevalence of new
“Check Point Research discovered a new campaign against the Mongolian public sector, which takes advantage of the current Coronavirus scare, in order to deliver a previously unknown malware implant to the target.” reads the analysis published by the CheckPoint experts.
“A closer look at this campaign allowed us to tie it to other operations which were carried out by the same anonymous group, dating back to at least 2016. Over the years, these operations targeted different sectors in multiple countries, such as Ukraine, Russia, and Belarus.”
Let’s close with a mention to Russia-linked APT groups exploiting Coronavirus as bait for the attacks.
Experts from cyber-security firm QiAnXin Technology uncovered a campaign targeting individuals in Ukraine using emails pretending to be from the Center for Public Health of the Ministry of Health of Ukraine.
The experts believe that the group behind the attack is the Hades APT, a Russian
(SecurityAffairs – hacking, coronavirus)