South Korea, Japan, the UK, US, India, Taiwan, and Singapore may see a deluge of COVID-19 themed email attacks from the North Korean hacking group Lazarus on 21st June
Don’t open any email with a COVID-19 or Coronavirus theme. If you do, you may fall prey to the North Korean hacking group Lazarus’ latest COVID-19 phishing campaign targeting 5M across six nations. The countries that Lazarus is targeting are India, the US, the United Kingdom, Taiwan, Singapore, and Japan.
The new Lazarus phishing campaign is targeting India and Singapore the most, according to Singaporean security research firm Cyfirma. Cyfirma’s founder and CEO Kumar Ritesh says that nearly 8,000 businesses in Singapore will be attacked through a spoofed email account claiming to be from the Ministry of Labour, Singapore. The North Korean Lazarus group has the email IDs of members of the Singapore Business Federation (SBF). SBF is responsible for promoting Singapore businesses and currently represents 27,200 companies.
Similarly, the Lazarus hacking group also has 11 lakh individual email IDs in Japan, another 20 lakh in India, and 180,000 business contacts in the UK.
The targeted Singapore businesses would reportedly receive phishing email messages – written in Chinese – from a spoofed Ministry of Manpower account, supposedly offering additional payouts for employees under the government’s COVID-19 support packages.
The cybersecurity vendor said it first noticed the spam attack on June 1 and, since then, had been analyzing the threat actors behind these COVID-19 themed emails and gathering intelligence. Cyfirma confirms that this elaborate phishing scheme originated from the Lazarus hacking group of North Korea, which has selected 21 and 22 June for its email blitz to the six nations.
Cyfirma says it has notified the individual government CERTs (Computer Emergency Response Teams) in Singapore, Japan, South Korea, India, and the US, as well as the UK National Cyber Security Centre. All six agencies had acknowledged the alert and were currently investigating.
If you receive any email with a subject line that mentions COVID-19 or Coronavirus, you should delete it immediately. Even if such emails are received from your known associates, you should delete them, as Lazarus is known to spoof email IDs, making you believe they originated from your friends and colleagues.