Vendetta: A threat actor who has been active throughout 2020 is now posing as a top Taiwanese infectious disease official and attempting to steal sensitive data from Taiwanese users. Specially crafted spear-phishing emails were targeting employees at Taiwan’s Centers for Disease Control according to ElevenPaths, a cybersecurity unit of the Spanish telecommunications firm Telefonica. The campaign began in early May as the emails were warning victims to get tested for COVID-19. The emails had an attachment that contained a remote tool that was capable of stealing login credentials and hijacking the victim’s webcams. These tools are commonly used by attackers to steal intelligence from their targets. Based on who the emails targeted, the group was likely attempting to steal information about research done in Taiwan for COVID-19.
Analyst Notes
The Vendetta threat group surfaced in recent months and appears proficient at impersonating authorities in multiple languages. The group is not known for carrying out large scale attacks and focuses on small attacks that they believe would yield them intelligence from their victims. Impersonating government officials during the time of COVID-19 has been a popular tactic amongst different groups, as many countries are attempting to find a vaccine for the virus and finding it first would have very strong benefits. By utilizing an email prompt warning people to get tested for COVID-19, the group is hoping that fear will take over when the email is opened and basic security practices will be put aside. Anyone who receives a suspicious email should always take extra time to analyze who the email came from and if it looks legitimate. If there is any doubt that the email could be fake, the recipient should follow up with the sender using a known email address or phone number, not by replying to the suspicious email.
More information can be found here: https://www.cyberscoop.com/vendetta-taiwan-coronavirus-telefonica/
