Posted on June 20, 2020 at 11:26 AM
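A recent report revealed that a COVID-19 themed campaign from the North Korean Lazarus hacking group will be targeting six nations via a fake Ministry of Power account. The US, Japan, and Singapore are among the six targeted nations. According to the report, the attack is scheduled to take place tomorrow.
The notorious North Korean hacking syndicate, the Lazarus group, is believed to be behind the heavy attack, which may affect over 5 million individuals and businesses who would receive emails from fake government accounts. The attackers are also planning to send spoofed messages to 8,000 recipient organizations in Singapore.
According to the report by cybersecurity firm Cyfirma, the business contacts in the fake email template will be sent to members of the Singapore Business Unit (SBF), which was established in 2021. SBF was introduced by Indonesia’s Ministry of Trade and Industry, with over 27,000 companies as members and the responsibility of promoting Singapore businesses.
Group intends to send malware messages
The purported attack is one of the group's large-scale hacking campaigns for financial gain. According to the report, the group intends to send the targeted victims to fake websites and deceive them into revealing their financial data and personal details.
The news comes after the governments of these 6 targeted countries have funded, or are in the process of funding, citizens and enterprises to help them recover from the current global pandemic. Japan recently released about 234 trillion yen, while Singapore is proposing 100 billion Singapore dollars in COVID-19 palliatives.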
Group intends sending malware messages
The purported attack is one of the large-scale hacking campaigns of the group to gain financially from the attack. According to the report, the group intends to send fake websites to the targeted victims and deceive them into revealing their financial data and personal details.
The news is coming after governments of these 6 targeted countries have funded or in the process of funding citizens and enterprises to help them come out from the current global pandemic. Japan recently released about 234 trillion yen while Singapore is proposing a 100 billion Singaporean dollar in COVID-19 palliatives.
Targeted governments have been notified
Cyfirma revealed that it has already informed the targeted governments of the impending attack so that they can beef up security and take the necessary measures. The targeted governments and institutions are acting to prevent the attack by informing all targeted agencies and institutions.
Kumar Ritesh, Chief Executive Officer of Cyfirma, said he informed the Computer Emergency Response Team (CERT) of the respective governments on June 18 with details of the impending attack. All the agencies have received the alert and are presently investigating the situation.
The CERT agency in Singapore has revealed that it received the alert concerning the impending threat and that there are ongoing plans to mitigate the attack. In preparation for the threat, SingCERT posted an advisory on its website yesterday.
It stated that cybercriminals are always using different baits and terms for their phishing attempts. This method has remained a popular and effective tactic used by these cybercriminals to deliver malware, gain access to individuals’ profiles, and deceive them into exposing their confidential details. Therefore, it’s in the agency’s genuine interest to always provide strong security measures whenever news of a threat of such magnitude is received, SingCERT said.
SingCERT was asked whether the agency has suffered any data breach or how the agency intends to keep the email accounts of the ministry safe. But it has not responded directly to the questions.
However, the agency pointed out that it is working with some relevant and targeted organizations to inform them about the security threat, with an advisory on dealing with the impending phishing campaign.
Phishing campaign designed to impersonate government agencies
Cyfirma has revealed that the phishing campaign is targeting government departments and agencies as well as trade associations responsible for disbursing the COVID-19 palliatives.
The cybersecurity firm said it first got information about the attack on June 1, and has since been gathering evidence about the campaign and analyzing data about the group's attack methods. During its research, Ritesh said, Cyfirma discovered that the Lazarus group will be using about 7 different phishing email templates to carry out its attack on the organizations.
He also pointed out that the cybersecurity firm has looked into hackers' COVID-19-related activities for the past six months.
“In the past six months, we have also monitored hacker activities related to the COVID-19 pandemic,” Ritesh said.
He reiterated that they tapped the group’s intelligence platform to gather information and uncover cyber threats the group has been hatching. Cyfirma utilized its analytical systems and algorithms to analyze the data and connect the dots to identify the operational methods and motives of the hackers.
The security team said it will continue doing its best to keep everyone informed about any new developments it discovers about the hackers.