North Korean #COVID19 Phishing Campaign Targets Six Countries

Security researchers are warning of a multi-country North Korean phishing campaign designed to capitalize on government COVID-19 bail-out measures.

The operation is being undertaken by Pyongyang’s notorious Lazarus Group, and is “designed to impersonate government agencies, departments, and trade associations who are tasked to oversee the disbursement of the fiscal aid,” according to Cyfirma.

The Goldman Sachs-backed cybersecurity startup said that the campaign was slated to launch over the weekend in the US, UK, India, Japan, Singapore and South Korea.

First spotting evidence of the operation at the start of the month, the researchers claim to have found seven email templates impersonating government departments and institutions like the Bank of England, Singapore’s Ministry of Manpower, Japan’s Ministry of Finance and the US Department of Agriculture.

The group will apparently use millions of email addresses and business contact details to target their victims via these spoofed domains. In many cases the phishing messages will claim to be offering a new government-backed business support payment.

“The hacking campaign involved using phishing emails under the guise of local authorities in charge of dispensing government-funded COVID-19 support initiatives. These phishing emails are designed to drive recipients to fake websites where they will be deceived into divulging personal and financial information,” Cyfirma explained.

“Given the potential victims are likely to be in need of financial assistance, this campaign carries a significant impact on political and social stability.”

Singapore’s CERT has already issued an alert urging businesses and individuals to be vigilant and avoid clicking on links or opening attachments in unsolicited emails.

Despite this new COVID-themed threat from North Korea, Microsoft claimed last week that malicious emails utilizing the pandemic comprised less than 2% of the total detected by the firm over the past four months.
