State-sponsored hackers are using COVID-19 lures, Google warns

Pierluigi Paganini April 23, 2020

Google warns that nation-backed hackers are exploiting the COVID-19 pandemic to target organizations involved in the fight against the pandemic.

Google is warning that nation-state actors are exploiting the COVID-19 (Coronavirus) pandemic to target health care organizations and entities involved in the fight against the pandemic.

Google’s Threat Analysis Group (TAG) shared its latest findings related to state-backed attacks and revealed that it has identified more than a dozen state-sponsored groups using COVID-19 lures.

“Hackers frequently look at crises as an opportunity, and COVID-19 is no different. Across Google products, we’re seeing bad actors use COVID-related themes to create urgency so that people respond to phishing attacks and scams.” reads the post published by Google. “Our security systems have detected examples ranging from fake solicitations for charities and NGOs, to messages that try to mimic employer communications to employees working from home, to websites posing as official government pages and public health agencies.”

Recently, Google announced that the anti-malware solutions it uses to defend Gmail users had blocked around 18 million phishing and malware emails using COVID-19 lures within the last seven days. The IT giant also said it had blocked more than 240 million spam messages related to the ongoing COVID-19 pandemic.

Examples of lures include fake solicitations for charities and NGOs, messages that mimic employer communications to employees working from home, and websites posing as official government pages and public health agencies.

The following image shows the location of users targeted by government-backed COVID-19 related attacks.

One notable phishing campaign observed by Google’s experts targeted personal accounts of U.S. government employees. Attackers used American fast food franchises and COVID-19 messaging as lures: some messages offered free meals and coupons in response to COVID-19, while others instructed recipients to visit bogus websites disguised as online ordering and delivery options.

Upon clicking on the links included in the email, victims were presented with phishing pages designed to trick them into providing their Google account credentials.

Fortunately, most of the messages were automatically filtered as spam, and Google blocked the bogus websites asking for Google credentials.

“We’re not aware of any user having their account compromised by this campaign, but as usual, we notify all targeted users with a ‘government-backed attacker’ warning,” continues the post. “We’ve also seen attackers try to trick people into downloading malware by impersonating health organizations.”

In other attacks observed by Google, state-sponsored hackers attempted to trick recipients into downloading malware by impersonating health organizations.

Experts noticed some COVID-19-themed targeting of international health organizations, which Google attributes to the Iran-linked APT group Charming Kitten.

“Our team also found new, COVID-19-specific targeting of international health organizations, including activity that corroborates reporting in Reuters earlier this month and is consistent with the threat actor group often referred to as Charming Kitten.” continues Google. “The team has seen similar activity from a South American actor, known externally as Packrat, with emails that linked to a domain spoofing the World Health Organization’s login page.”

Google is proactively adding extra security protections to more than 50,000 accounts that could be targeted by nation-state hackers.

The IT giant explained that it is not observing an overall rise in phishing attacks by government-backed groups; APT groups are only changing tactics by using COVID-19 lures.

“As the world continues to respond to COVID-19, we expect to see new lures and schemes.” concludes Google.


(SecurityAffairs – Google, Coronavirus)
