Coronvirus Phishing Campaign Targets Six Nations

Uploaded on 2020-07-07 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

The North Korean leader Kim Jong-un has reportedly instructed the hacker group, Lazarus, to use phishing scams to steal bitcoin and other crypto-currencies. Singapore, Japan, and the US are amongst six nations reportedly targeted in a COVID-19 themed phishing campaign.

The Lazarus Group has committed some notable crimes, such as the WannaCry ransomware attacks, hacking Sony, and stealing $81 million through cyberspace from the Bangladesh Central Bank.  Their latest scam is sending crypto executives an email about an open Chief Financial Officer position that contains an infected Microsoft Word document.

The North Korean state hacker group Lazarus are said to be ready to massively attack more than 5 million businesses and individuals who will receive phishing email messages from spoofed government accounts. This would include 8,000 organisations in Singapore where the business contacts highlighted in an email template were addressed to members of the Singapore Business Federation (SBF), according to a report from cybersecurity vendor Cyfirma

SBF is responsible for promoting Singapore businesses and currently represents 27,200 companies. The targeted Singapore businesses would reportedly receive phishing email messages, written in Chinese, from a fake Ministry of Manpower account, supposedly offering additional payouts for employees under the government's COVID-19 support packages. 

Opening the document attachment would trigger malware that would enable access to the victim’s computer.

It noted that governments in the six targeted nations all had announced funding support for enterprises and citizens to help them ride out the global pandemic, including Singapore, which said it would set aside almost SG$100 billion, and Japan, which unveiled 234 trillion yen in stimulus funds. 

Singapore's national cyber security agency SingCERT confirmed it received "information regarding a potential phishing campaign". It said there were "always" ongoing phishing attempts by various cyber-criminals that used different themes and baits and spoofed different entities.

This tactic remained a common and effective technique used to gain access to individuals' accounts, deliver malware, or trick victims into revealing confidential data.

Cyfirma said the phishing campaign was designed to impersonate government agencies and departments as well as trade associations that had been instructed to oversee the distribution of the COVID-19 financial aid. Their analysis identified seven email templates impersonating government agencies and business associations. 

SingCERT:       ZDNet:        CoinOunce:       Bitcoinist:

You Might Also Read: 

North Korean Hackers Specialise In Financial Theft:

 

« The Impact Of The Pandemic On Business Cyber Security
Who Actually Did Leak CIA Cyber Weapons Data? »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Security Innovation

Security Innovation

Security Innovation is a leader in software security assessments and application security training to top organizations worldwide.

CloudLayar

CloudLayar

CloudLayar is a cloud-based website firewall for protecting your website against online threats.

Stormshield

Stormshield

Stormshield is a European leader in digital infrastructure security. We offer smart, connected solutions in order to anticipate attacks and protect digital infrastructures.

CybergymIEC

CybergymIEC

CybergymIEC is a global leader in cyber defense solutions and training services.

Silverskin Information Security

Silverskin Information Security

Silverskin is a cyber attack company that specializes in having knowledge of the attacker's mindset to identify vulnerabilities and build effective and persistent defences.

Lumen Technologies

Lumen Technologies

Lumen is an enterprise technology platform that enables companies to capitalize on emerging applications and power the 4th Industrial Revolution (4IR).

iFluids Engineering

iFluids Engineering

iFluids Engineering is a leading engineering consulting and risk management firm providing a full range of services including Cyber Security for Industrial Control Systems.

Kymatio

Kymatio

Kymatio are pioneers in Artificial Intelligence applied to adaptive staff strengthening, cultural change and predictive internal risk analysis.

Cyber Intelligence 4U

Cyber Intelligence 4U

Cyber Intelligence 4U is an educational services company that provides two levels of cybersecurity training programs: executive and technical.

Silicon Cloud International

Silicon Cloud International

Silicon Cloud is a high performance and secure cloud computing platform for engineering and scientific applications.

Zigrin Security

Zigrin Security

Zigrin Security offer comprehensive, hands-on security testing of internal networks, applications, cloud-based solutions, e-commerce applications and mobile devices.

Zeta Sky

Zeta Sky

Zeta Sky offers a full range of IT and cyber-security services for your business.

Aegis9

Aegis9

Aegis9 is an Australian owned and sovereign consultancy that specialises in providing tailored security solutions for both public and private sector clients based on their specific needs.

VeriBOM

VeriBOM

VeriBOM is a SaaS security and compliance platform that helps protect you and your customers through automation, documentation, and transparency for every software application you build or run.

Cyber Husky

Cyber Husky

Cyber Husky is an agile technology company that specializes in cloud solutions, cybersecurity, and managed IT services.

Boo Consulting

Boo Consulting

Boo Consulting is a trusted privacy and risk consultancy firm. We are driven to help you find an appropriate solution that will suit your budget and requirements.