Among the most sophisticated efforts has been a campaign by a group of Chinese hackers, dubbed Vicious Panda by cybersecurity researchers at Check Point, an Israel-based technology company. In its report Thursday, Check Point called Vicious Panda an “advanced persistent threat,” a designation reserved for the most technically adept and well-organized attackers, often having government backing.
Vicious Panda used a fake document, purportedly disclosing coronavirus infection information from the Mongolian Health Ministry, to lure Internet users into sharing sensitive personal information, with the goal of gaining access to computers and smartphones, according to the Check Point report.
“COVID-19 is presenting not only a physical threat but a cyber threat as well,” Lotem Finkelsteen, Check Point’s head of threat intelligence, said in a news release Thursday, referring to the disease caused by the virus. “All public sector entities and [telecommunications companies] everywhere should be extra wary of documents and websites themed around Coronavirus.”
The report tracks closely with the findings from a slew of cybersecurity experts. Last month, for example, researchers working with IBM revealed a spam email campaign in Japan that sought to steal data from those who opened infected attachments. On Thursday, cybersecurity company FireEye detailed efforts by malicious actors in China, North Korea and Russia to leverage global fears about coronavirus to aid their espionage.
In many cases, the hackers lured unsuspecting victims into downloading documents that appeared to come from official health authorities — only to deliver malicious code that could co-opt a target's computer.
Known Russian hacking groups targeted Ukraine, according to FireEye, and hackers suspected to be North Korean in origin appeared to take aim at a nongovernmental organization in South Korea. Chinese hacking groups set their sights on East Asia, sometimes luring targets using documents that contained official statistics about coronavirus infections, the firm found.
In recent weeks, U.S. officials have warned about malicious actors seeking to seize on global coronavirus concerns to peddle fraudulent products or extract sensitive information. Last week, for example, a top cybersecurity arm at the Department of Homeland Security flagged the potential that criminals and hackers “may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes.”
These reports come amid growing evidence that cybercriminals see opportunity amid the pandemic. Check Point reported it had found 4,000 new website domains related to the coronavirus, with 3 percent containing malicious software.
Another popular tactic has been spearphishing, in which misleading emails carry links that, when clicked, cause users to load malicious software onto their devices.
Other researchers have documented how maps of infection, World Health Organization reports and information on accessing government benefits related to the pandemic have been altered to include malicious software. Potential targets have been in Indonesia, Japan and other nations.
The sophistication of these attacks has varied widely, with some being relatively simple efforts to steal personal information, while others tracked the keys typed by users or sought more-extensive access to individual devices.