Security Experts:

Connect with us

Hi, what are you looking for?



State-Backed Players Join Pandemic Cyber Crime Attacks

Sophisticated state-supported actors are following cybercriminals in exploiting the coronavirous pandemic and posing an “advanced persistent threat” (APT), French defence technology giant Thales warned Monday.

Sophisticated state-supported actors are following cybercriminals in exploiting the coronavirous pandemic and posing an “advanced persistent threat” (APT), French defence technology giant Thales warned Monday.

Hades, linked to the APT28 which is believed to be of Russian origin and behind an attack on the US Democrat party in 2016, was the first state-backed group to use the epidemic as bait, Thales’ cyber intelligence service reported.

“According to the cyber security company QiAnXin, Hades hackers waged a campaign in mid-February by hiding a Trojan horse in bait documents (…) disguised as e-mail from the Ukrainian health ministry’s public health centre,” Thales said.

“These targeted emails seem to have been part of an even bigger disinformation campaign that affected the entire country on different fronts,” with the aim of creating panic in Ukraine, it added.

Vicious Panda, a group believed to be of Chinese origin, was behind “a new campaign against the Mongolian public sector”, Thales said, quoting the US-Israeli firm Checkpoint.

Mustang Panda, also believed to be Chinese in origin, “managed to target Taiwan using new lures,” linked to the coronavirus, while Kimsuky, suspected to be of North Korean origin, continues to attack targets in South Korea, and APT36, a group said to have Pakistani origins, has gone after Indian targets.

Thales also warned of a proliferation of fake virus information applications for Android that exploit public demand.

The company said several sources confirmed that half of the domain names set up since December linked to COVID-19 themes are exposed to malware.

“It seems that the cyber threat ecosystem is following the geographical spread of COVID-19 with attacks first in Asia, then eastern Europe and now in western Europe,” Thales noted.

Related: Coronavirus Confinement Challenges Intelligence Services

Related: Android Surveillance Campaign Leverages COVID-19 Crisis

Related: China-linked APT Hackers Launch Coronavirus-Themed Attacks

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...