#nationalcybersecuritymonth | The Week that Was, 3.14.20


Nation-states use COVID-19 phishbait, too.


COVID-19-themed phishbait continues to circulate widely, and state-sponsored threat actors have unsurprisingly joined the party, ZDNet notes. Chinese security firm QiAnXin observed a phishing campaign targeting Ukraine with macro-laden documents that purported to be from Ukraine’s Ministry of Health and offered news about the coronavirus. QiAnXin believes this campaign was run by Russia’s “Hades” group (also known as “Sandworm”).


South Korean company IssueMakersLab found COVID-19-themed documents targeting South Korean officials that delivered the BabyShark malware, which has been associated with North Korean threat actors.


Check Point describes a recent campaign that targeted a Mongolian government entity with documents outlining the Chinese government’s response to the COVID-19 crisis. The researchers believe this activity is part of a “long-running Chinese-based operation against a variety of governments and organizations worldwide.” They believe this group, which they call “Vicious Panda,” has been active since at least 2016, and it may have targeted Russia, Ukraine, Belarus, and other countries in previous operations.


Another Chinese group, Mustang Panda, is thought to be behind a malware campaign that appears to be targeting users in Vietnam, according to Vietnamese security firm VinCSS.


Recorded Future summarizes these attacks, along with widespread criminal phishing activity, noting that the phishing lures tend to impersonate “country-specific health agencies,” in addition to the World Health Organization.




Cyberattacks against healthcare entities.


Mother Jones reports that a ransomware attack took down the website of Illinois’s Champaign-Urbana Public Health District, highlighting the heightened risk of disruptive attacks against government agencies and healthcare entities in the midst of an epidemic. Recorded Future analyst Allan Liska pointed to a ransomware attack against a cloud provi ..
