Elite Hackers Are Using Coronavirus Emails to Set Traps

Government-backed hacking groups from China, North Korea, and Russia are not letting a global pandemic go to waste and have begun using coronavirus-based phishing lures as part of their efforts to infect victims with malware and gain access to their infrastructure.

During the past weeks, the cyber-security community has seen state-sponsored hackers from China, North Korea, and Russia attempt these tactics.

The use of a COVID-19 (coronavirus) lure is not actually a surprise for those who have followed the information security (infosec) industry long enough.

Cyberspies have not let a tragedy or national disaster go to waste. From the Paris terror attack of November 2015 to the oppression of the Uyghur population in China, state-sponsored groups have always crafted their email lures to achieve maximum results at a given time, and, historically, tragic events have always presented the best lures.


The first state-sponsored hacking group to employ a coronavirus lure was the Hades group, believed to be operating out of Russia and to have a tie to APT28 (Fancy Bear), one of the groups that hacked the DNC in 2016.

According to cyber-security firm QiAnXin, Hades hackers carried out a campaign in mid-February when they hid a C# backdoor trojan in bait documents containing the latest news regarding COVID-19.

The documents were sent to targets in Ukraine, disguised as emails coming from the Center for Public Health of the Ministry of Health of Ukraine.

The targeted emails appear to have been part of a larger disinformation campaign that hit the entire country, on different fronts.

First, at the same time Hades was pursuing its targets, a wave of coronavirus-themed spam emails hit the country. Second, the email campaign was followed by a flood of messages on social media claiming the COVID-19 disease had arrived in the country.

According to a BuzzFeed News report, one of these emails went viral and, supported by the wave of social media scaremongering, led to a general panic and violent riots in some parts of the country.

BuzzFeed News reported that in some Ukrainian cities residents blocked hospitals, fearing their children could get infected by coronavirus-infected evacuees coming from Ukraine's war-torn eastern region.

In this general panic, a few malware-laced emails had a much higher chance of passing undetected and reaching their targets, most of whom were most likely interested in the current events unfolding in the country.


The next country to weaponize COVID-19 for spear-phishing lures was North Korea, at the end of February, although in a campaign that was nowhere near as sophisticated as the one that hit Ukraine.

According to a tweet shared by South Korean cyber-security firm IssueMakersLab, a group of North Korean hackers also hid malware inside documents detailing South Korea's response to the COVID-19 epidemic.

The documents -- believed to have been sent to South Korean officials -- were boobytrapped with BabyShark, a malware strain previously utilized by a North Korean hacker group known as Kimsuky.


But most of the malware campaigns using coronavirus themes came from China, all sent out over the past two weeks, just as China had pulled out of its own COVID-19 crisis.

The first of the two happened at the start of this month. Vietnamese cyber-security firm VinCSS detected a Chinese state-sponsored hacking group (codenamed Mustang Panda) spreading emails with a RAR file attachment purporting to carry a message about the coronavirus outbreak from the Vietnamese Prime Minister.

The attack, also confirmed by CrowdStrike, installed a basic backdoor trojan on the computers of users who downloaded and unzipped the file.

The second attack was detailed on 3-13-2020 by another cyber-security firm. The company said it had been tracking another Chinese group called Vicious Panda that had been targeting Mongolian government organizations with documents claiming to hold information about the prevalence of new coronavirus infections.

These attacks from cyber-espionage groups aren't the only ones feeding on the COVID-19 global panic, though.

Regular cybercrime gangs have also been using the same lure for just as long as professional cyberspies, according to a ZDNet report published last week, citing findings from Fortinet, Sophos, Proofpoint, and others.

Article Source: Catalin Cimpanu/ zdnet.com
