Attackers have begun targeting government agencies, apparently for espionage purposes, using the spread of the novel coronavirus and Covid-19 as a lure, researchers have found.
Check Point Research said it has discovered an unknown threat actor targeting the Mongolian public sector, using documents that supposedly provide information about the prevalence of new coronavirus infections.
The documents, one of which was supposedly sent by the Mongolian Ministry of Foreign Affairs, exploit a vulnerability in Microsoft Word to implant previously unknown malware into recipients’ computer systems, Check Point said in an advisory.
The “Vicious Panda” attack, as Check Point calls it, attempts to take remote control of systems and steal documents.
The malware tries to establish remote control functionality as well as the ability to take screenshots of the system and send them back to a control server, Check Point said.
The attack group remains anonymous, but Check Point said it appears to be based in China and has been operating since at least 2016.
The company linked the attack group to incidents across various sectors in countries including the Ukraine, Russia, and Belarus.
“The full intention of this Chinese APT group is still a mystery, but it is clear they are here to stay and will update their tools and do whatever it takes to attract new victims to their network,” Check Point said.
Separately, security firms including CrowdStrike and Vietnam’s VinCSS said a Chinese state-backed group known as Mustang Panda was using coronavirus-themed documents to spread malware in Vietnam.
Russian state-backed group Hades is believed to be behind a coronavirus-themed malware campaign in the Ukraine in mid-February, according to security group QiAnXin.
A North Korean group also used the coronavirus scare to spread malware in South Korea in late February, according to South Korea’s IssueMakersLab.
Those campaigns are in addition to numerous scams that have used the coronavirus outbreak and Covid-19 to carry out phishing attacks against individuals.
Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…
Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…
Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…
Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…
Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal
Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…