Hacking groups have always used global crises to lure users and gain access to their personal information. Now, as fear of the Novel Coronavirus continues to rise, various cyber-security organisations have detected many government-sponsored attacks. The countries involved in these attacks include China, North Korea and Russia.

One of the first state-sponsored attacks using Coronavirus-themed emails was discovered by cyber-security firm QiAnXin and came from the Hades Group. The firm believes that the group was working from Russia. The Hades Group also had ties to the notorious group APT28, codenamed Fancy Bear.

North Korea was another country that used COVID-19 as an online weapon, in mid-February. Cyber-security firm IssueMakersLab found that many COVID-19-themed emails sent to South Korean government officials came with the BabyShark malware. This malware can exfiltrate system information and maintain persistence on the system.

Attacks from the Chinese Groups

The largest number of malware campaigns came from the country where the hazardous virus originated. Chinese hackers have run two consecutive malware campaigns using the COVID-19 crisis. The first attack involved the Vietnamese government. The Vietnamese cyber-security firm VinCSS found that a Chinese government-sponsored hacking group codenamed “Mustang Panda” was spreading Coronavirus-related emails that contained a RAR file. These files came attached to the emails and were said to contain information from the Prime Minister of Vietnam about the outbreak of the disease. When users downloaded and extracted these .rar files, a basic trojan was installed that can use a backdoor in systems to access the users’ information.