Categories: SecurityWorkspace

Hackers Use Coronavirus Scare To Attack Government Systems

Attackers have begun targeting government agencies, apparently for espionage purposes, using the spread of the novel coronavirus and Covid-19 as a lure, researchers have found.

Check Point Research said it has discovered an unknown threat actor targeting the Mongolian public sector, using documents that supposedly provide information about the prevalence of new coronavirus infections.

The documents, one of which was supposedly sent by the Mongolian Ministry of Foreign Affairs, exploit a vulnerability in Microsoft Word to implant previously unknown malware into recipients’ computer systems, Check Point said in an advisory.

The “Vicious Panda” attack, as Check Point calls it, attempts to take remote control of systems and steal documents.

Image credit: World Health Organisation


The malware tries to establish remote control functionality as well as the ability to take screenshots of the system and send them back to a control server, Check Point said.

The attack group remains anonymous, but Check Point said it appears to be based in China and has been operating since at least 2016.

The company linked the attack group to incidents across various sectors in countries including the Ukraine, Russia, and Belarus.

“The full intention of this Chinese APT group is still a mystery, but it is clear they are here to stay and will update their tools and do whatever it takes to attract new victims to their network,” Check Point said.

State-backed attacks

Separately, security firms including CrowdStrike and Vietnam’s VinCSS said a Chinese state-backed group known as Mustang Panda was using coronavirus-themed documents to spread malware in Vietnam.

Russian state-backed group Hades is believed to be behind a coronavirus-themed malware campaign in the Ukraine in mid-February, according to security group QiAnXin.

A North Korean group also used the coronavirus scare to spread malware in South Korea in late February, according to South Korea’s IssueMakersLab.

Those campaigns are in addition to numerous scams that have used the coronavirus outbreak and Covid-19 to carry out phishing attacks against individuals.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Microsoft Executive Indicates Departmental Hiring Slowdown

Amid concern at the state of the global economy, a senior Microsoft executive tells staff…

1 day ago

Shareholders Sue Twitter, Elon Musk For Stock ‘Manipulation’

Disgruntled shareholders are now suing both Twitter and Elon Musk, over volatile share price swings…

1 day ago

Google Faces Second UK Probe Over Ad Practices

UK's competition watchdog launches second investigation of Google's ad tech practices, and whether it may…

1 day ago

Elon Musk Raises His Contribution To Twitter Acquisition

But one of Elon Musk's biggest backers on the Twitter board has tendered his resignation…

2 days ago

Broadcom Confirms VMware Acquisition For $61 Billion

Entry into cloud infrastructure software for US chip firm Broadcom after it confirms reports it…

2 days ago