Hacking groups have always used a global crisis to lure users and gain access to their personal information. Now, as the fear of the Novel Coronavirus continues to rise, many government-sponsored attacks have been detected by various cybersecurity organisations. The countries involved in these types of attacks include China, North Korea and Russia.
Just a few weeks ago, we saw hackers using COVID-19 related emails to infiltrate targets. Now, these types of attacks have increased in number and many are coming from state-sponsored hacking groups.
The Russian Situation
Discovered by cyber-security firm QiAnXin, one of the first state-sponsored attacks using Coronavirus-themed emails came from the Hades Group. The cyber-security firm believes that the group was working from Russia. They also had a tie-up with the notorious group, APT28, codenamed Fancy Bear.
According to QiAnXin, the hackers from Hades sent emails containing documents about Coronavirus info to various targets in Ukraine. These documents were actually baits that contained a hidden trojan. To make the emails look legit, the hackers disguised them as emails from the Center for Public Health of the Ministry of Health of Ukraine. When one of these emails became viral on social media, many residents blocked Ukrainian hospitals to protect their children. They thought that the disease has arrived and this led to many panic-driven riots in the country.
Attacks on North Korea
Another country that used COVID-19 as an online weapon was North Korea in mid-February. Cyber-security firm, IssueMakersLab found that many COVID-19 themed emails sent to South Korean government officials came with the BabyShark malware. This malware can exfiltrate system information and maintain persistence on the system.
Attacks from the Chinese Groups
Now, the most number of malware campaigns came from the country where the hazardous virus originated. Chinese hackers have run two malware campaigns consequently using the COVID-19 crisis. The first attack involved the Vietnamese government. The Vietnamese cyber-security firm, VinCSS, recognised a Chinese government-sponsored hacking group codenamed “Mustang Panda” is spreading Coronavirus related emails that contained a RAR file. These files came with the emails and said to contain information from the Prime Minister of Vietnam about the outbreak of the disease. When users downloaded and unzipped these .rar files, it installed a basic trojan that can use a backdoor in systems to access the users’ information.
Another attack reported by cyber-security firm Check Point Research said that a Chinese hacking group named “Vicious Panda” had been targetting the Mongolian government organisations.
These type of attacks are not uncommon during a time of global crisis. And many hacking groups use the crisis to espionage many government organisations in order to gather sensitive data.