Attack groups make use of chaos around coronavirus to target organisations in Mongolia, South Korea, Ukraine, Vietnam and elsewhere
Attackers have begun targeting government agencies, apparently for espionage purposes, using the spread of the novel coronavirus and Covid-19 as a lure, researchers have found.
Check Point Research said it has discovered an unknown threat actor targeting the Mongolian public sector, using documents that supposedly provide information about the prevalence of new coronavirus infections.
The documents, one of which was supposedly sent by the Mongolian Ministry of Foreign Affairs, exploit a vulnerability in Microsoft Word to implant previously unknown malware into recipients’ computer systems, Check Point said in an advisory.
The “Vicious Panda” attack, as Check Point calls it, attempts to take remote control of systems and steal documents.
The malware tries to establish remote control functionality as well as the ability to take screenshots of the system and send them back to a control server, Check Point said.
The attack group remains anonymous, but Check Point said it appears to be based in China and has been operating since at least 2016.
The company linked the attack group to incidents across various sectors in countries including the Ukraine, Russia, and Belarus.
“The full intention of this Chinese APT group is still a mystery, but it is clear they are here to stay and will update their tools and do whatever it takes to attract new victims to their network,” Check Point said.
Russian state-backed group Hades is believed to be behind a coronavirus-themed malware campaign in the Ukraine in mid-February, according to security group QiAnXin.
A North Korean group also used the coronavirus scare to spread malware in South Korea in late February, according to South Korea’s IssueMakersLab.
Those campaigns are in addition to numerous scams that have used the coronavirus outbreak and Covid-19 to carry out phishing attacks against individuals.