Coronvirus Phishing Campaign Targets Six Nations

The North Korean leader Kim Jong-un has reportedly instructed the hacker group, Lazarus, to use phishing scams to steal bitcoin and other crypto-currencies. Singapore, Japan, and the US are amongst six nations reportedly targeted in a COVID-19 themed phishing campaign.

The Lazarus Group has committed some notable crimes, such as the WannaCry ransomware attacks, hacking Sony, and stealing $81 million through cyberspace from the Bangladesh Central Bank.  Their latest scam is sending crypto executives an email about an open Chief Financial Officer position that contains an infected Microsoft Word document.

The North Korean state hacker group Lazarus are said to be ready to massively attack more than 5 million businesses and individuals who will receive phishing email messages from spoofed government accounts. This would include 8,000 organisations in Singapore where the business contacts highlighted in an email template were addressed to members of the Singapore Business Federation (SBF), according to a report from cybersecurity vendor Cyfirma

SBF is responsible for promoting Singapore businesses and currently represents 27,200 companies. The targeted Singapore businesses would reportedly receive phishing email messages, written in Chinese, from a fake Ministry of Manpower account, supposedly offering additional payouts for employees under the government's COVID-19 support packages. 

Opening the document attachment would trigger malware that would enable access to the victim’s computer.

It noted that governments in the six targeted nations all had announced funding support for enterprises and citizens to help them ride out the global pandemic, including Singapore, which said it would set aside almost SG$100 billion, and Japan, which unveiled 234 trillion yen in stimulus funds. 

Singapore's national cyber security agency SingCERT confirmed it received "information regarding a potential phishing campaign". It said there were "always" ongoing phishing attempts by various cyber-criminals that used different themes and baits and spoofed different entities.

This tactic remained a common and effective technique used to gain access to individuals' accounts, deliver malware, or trick victims into revealing confidential data.

Cyfirma said the phishing campaign was designed to impersonate government agencies and departments as well as trade associations that had been instructed to oversee the distribution of the COVID-19 financial aid. Their analysis identified seven email templates impersonating government agencies and business associations. 

SingCERT:       ZDNet:        CoinOunce:       Bitcoinist:

You Might Also Read: 

North Korean Hackers Specialise In Financial Theft:

 

« The Impact Of The Pandemic On Business Cyber Security
Who Actually Did Leak CIA Cyber Weapons Data? »

Directory of Suppliers

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

WEBINAR: How to improve threat detection and hunting in the AWS Cloud

WEBINAR: How to improve threat detection and hunting in the AWS Cloud

Thursday, August 20, 2020 - Join SANS and AWS Marketplace to learn the exercise of applying MITRE’s ATT&CK Matrix to the AWS Cloud and how to enhance threat detection and hunting in an AWS environment

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 4,000+ specialist service providers.

Caliber Security

Caliber Security

Caliber Security Partners provide information security and security assessment services.

Bonwyke

Bonwyke

Bonwyke's Window Film Signal Defence system protects against cyber surveillance from leakage of RF and IR signals from computers and mobile devices.

Hotlava Systems

Hotlava Systems

HotLava network adapters enable today's powerful servers and workstations to deliver more productivity by reducing congestion at the network interface.

Cyware

Cyware

Cyware brings you the world's latest cyber security news curated to your interests and shortened to save you time.

Cyber Security Indonesia

Cyber Security Indonesia

Cyber Security Indonesia is Indonesia’s leading cyber security trade event.

Ignyte Assurance Platform

Ignyte Assurance Platform

Ignyte Assurance Platform™ is a leader in collaborative security and integrated GRC solutions for global corporations in Healthcare, Defense, and Technology.

Featurespace

Featurespace

Featurespace is a world-leader in Adaptive Behavioural Analytics and creator of the ARIC™ platform for fraud and risk management.

Liquid Technology

Liquid Technology

Liquid Technology provide DOD- and NIST-compliant data destruction and EPA-compliant e-waste disposal and recycling services throughout North America, Europe and Asia.

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF) of Armenia is one of the largest technology business incubators and IT development agencies in the region.