North Korea-backed Lazarus hacking group's COVID-19 phishing campaign has started; State Bank of India warns its customers not to open emails with the subject line Free COVID-19 Testing
We had warned about a mass COVID-19 (coronavirus) pandemic-themed phishing attack on citizens of India, the United States, Taiwan, Japan, Singapore, and South Korea by the dreaded North Korean hacking group Lazarus. The Lazarus phishing campaign started on 21st June, and the group is said to have nearly 2 million email IDs belonging to Indians.
It seems that most of these email IDs belong to the top lender in India, the State Bank of India, and the Lazarus phishing attack has already started. Yesterday, State Bank of India started warning its 20 lakh customers about phishing attacks in major Indian cities. In an advisory, SBI said, “Attention! It has come to our notice that a cyber attack is going to take place in major cities in India. Kindly refrain yourself from clicking on emails coming from [email protected] with a subject line Free COVID-19 Testing.”
Attention! It has come to our notice that a cyber attack is going to take place in major cities of India. Kindly refrain yourself from clicking on emails coming from [email protected] with a subject line Free COVID-19 Testing. pic.twitter.com/RbZolCjLMW
— State Bank of India (@TheOfficialSBI) June 21, 2020
The North Korea-backed Lazarus hacking group is sending spoofed emails to Indians residing in cities like New Delhi, Mumbai, Hyderabad, and Chennai. The Indian cybersecurity watchdog has issued a separate warning about these attacks through a tweet:
CERT-In issued advisory on COVID 19-related Phishing Attack Campaign by Malicious Actors. pic.twitter.com/x8WO3TseCM
— CERT-In (@IndianCERT) June 20, 2020
The emails will appear to originate from an authorized Indian government domain, gov.in, and will carry the subject line Free COVID-19 Testing or CoronaVirus Free Tests. Once you click on the link in the email, it will lead you to a website that hosts a malware payload. The malware will be downloaded to your PC/laptop or smartphone and will steal vital and confidential information such as your banking details, usernames, and passwords.
If you receive any email with a subject line that mentions COVID-19 or Coronavirus, you should delete it immediately. Even if such emails appear to come from your known associates, you should delete them, as Lazarus is known to spoof email IDs to make you believe the messages originated from your friends and colleagues.
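
For mail administrators, the indicators described above (the two subject lines and a sender claiming gov.in) can be checked on the receiving side. The following is an added example, not code from SBI or CERT-In: it assumes the receiving mail server records SPF/DKIM/DMARC outcomes in an `Authentication-Results` header, and all addresses and hosts in the sample messages are constructed placeholders.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

LURE_SUBJECTS = ("free covid-19 testing", "coronavirus free tests")  # from the article
CLAIMED_DOMAIN = "gov.in"  # domain the spoofed mail claims to come from

def domain_of(value):
    """Lower-cased domain of an address header, or '' if absent."""
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()

def under(domain, parent):
    return domain == parent or domain.endswith("." + parent)

def auth_failures(msg):
    """SPF/DKIM/DMARC checks the receiving server did not record as 'pass'."""
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    seen = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results))
    return [m for m in ("spf", "dkim", "dmarc") if seen.get(m) != "pass"]

def triage(raw):
    """Return the list of reasons a raw RFC 5322 message looks like the lure."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    subject = " ".join(str(msg.get("Subject", "")).lower().split())
    if any(lure in subject for lure in LURE_SUBJECTS):
        reasons.append("lure-subject")
    if under(domain_of(msg.get("From")), CLAIMED_DOMAIN):
        failed = auth_failures(msg)
        if failed:  # claims gov.in but was not authenticated as gov.in
            reasons.append("gov.in-unauthenticated:" + ",".join(failed))
        bounce = domain_of(msg.get("Return-Path"))
        if bounce and not under(bounce, CLAIMED_DOMAIN):
            reasons.append("return-path-mismatch:" + bounce)
    return reasons

# Constructed sample messages (addresses and hosts are placeholders).
SPOOFED = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "Authentication-Results: mx.example.org; spf=fail; dkim=none; dmarc=fail\n"
    "From: Health Desk <testing@placeholder.gov.in>\n"
    "Subject: Free COVID-19 Testing\n\nRegister at the link below.\n")
GENUINE = (
    "Return-Path: <bounce@placeholder.gov.in>\n"
    "Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass\n"
    "From: Notices <notices@placeholder.gov.in>\n"
    "Subject: Office closure notice\n\nOffices are closed on Friday.\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, triage(raw))
```

Only trust an `Authentication-Results` header that your own receiving server added; a copy already present on an inbound message can be forged by the sender.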