Google’s Threat Analysis Group (TAG) released information regarding the newest wave of phishing attacks they detected which target US Government employees and healthcare organizations around the world. TAG identified over a dozen groups believed to be state-sponsored who they saw targeting individuals with a range of phishing emails leading to fake Google login pages designed to steal passwords. One of the phishing messages used an offer of free fast food meals and coupons, supposedly in response to COVID-19, to trick their targets. Google stated they have been working to block the domains that are being shared through these emails with their “safe-browsing” feature. TAG identified Charming Kitten or APT35, the Iranian-backed group as one of the culprits, as well as the South American group, Packrat, which used a spoofed World Health Organization webpage. Likewise, FireEye reported that APT32, an alleged Vietnamese threat actor, tried to compromise the personal and professional email accounts of government workers in China’s Ministry of Emergency Management and the Wuhan government.
Information around the COVID-19 pandemic is highly sought after for nation-states. Any information that can be stolen from other countries would be beneficial, whether that information is new research for a vaccine, information about infection tracking, or response and treatment details. That information would help the country understand what is happening within an adversary country instead of what is just being reported by news media. As the pandemic continues, attack trends like these will likely also continue. It is important to note that the TAG reported that they are not seeing an overall rise in attacks from state-sponsored threat actors, but the tactics they are switching to are using themes related to COVID-19.
More can be read here: https://www.bleepingcomputer.com/news/security/state-backed-phishing-targets-govt-employees-with-fast-food-lures/
Information about APT32 attacks here: https://www.reuters.com/article/us-health-coronavirus-cyber-vietnam/vietnam-linked-hackers-targeted-chinese-government-over-coronavirus-response-researchers-idUSKCN2241C8