Phishing Attack

North Korean Hackers Are Using Phishing To Target 5 Million Users

CYFIRMA researchers found that the North Korean Lazarus Group has planned to target 5 million users with COVID-19-related phishing. The group is targeting individuals and businesses across 6 countries and multiple continents.

How Are Hackers Targeting Users?

Hackers send phishing emails from fake email IDs that impersonate local government addresses. They ask you to share your full details to get COVID-19 tests for free or to have an amount credited to your bank account.

CYFIRMA has observed that hackers are planning to spoof or create fake email IDs impersonating various authorities. These are some of the email IDs discussed in their phishing campaign plan:

  • covid19notice@usda.gov
  • ccff-applications@bankofengland.co.uk
  • covid-support@mom.gov.sg
  • covid-support@mof.go.jp
  • ncov2019@gov.in
  • fppr@korea.kr

Below are the planned dates of the attacks as per the researchers.

Country Name    Campaign Launch Date    Target
USA             20-Jun-20               Individuals
UK              20-Jun-20               Businesses
Japan           20-Jun-20               Individuals
India           21-Jun-20               Individuals
Singapore       21-Jun-20               Businesses
South Korea     21-Jun-20               Individuals

Table: Attack Planned Dates

Hackers claimed to have millions of email IDs of individuals and businesses. The plan is to send a spoofed email that appears to come from a government organization and to gather business and personal information. They will ask you to share your details in order to credit money or provide free offers. Do not click on any links in these types of emails.

How To Avoid Phishing and Data Loss

  • Don’t click on any link, even if it is shared by someone you know through email. Go to the website directly after logging out of the email account.
  • Don’t open attachments from unknown senders.
  • Don’t download files with extensions like exe, pif, tmp, url, vb, vbe, scr, reg, cer, pst, cmd, com, bat, dll, dat, hlp, hta, js, wsf.
  • Check the sender’s email ID and the sender’s email domain before acting on emails.
  • Don’t sign in with your credentials on any link shared in an email. Check whether the URL is genuine by visiting the original website directly.
  • Report any unusual emails to incident@cert-in.org.in (India) along with email headers (email properties).
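
The sender-domain and attachment checks from the list above can be automated on a mail gateway or in a triage script. The following is an added example, not code from CYFIRMA or the original article. It assumes the receiving mail server stamps an Authentication-Results header under the hypothetical name mx.recipient.example, and every address and domain in the sample message is a constructed placeholder.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Extensions the article advises against downloading.
RISKY_EXT = set("exe pif tmp url vb vbe scr reg cer pst cmd com bat dll dat hlp hta js wsf".split())

# Constructed sample message; every name and domain in it is a placeholder.
SAMPLE = """\
From: Relief Office <support@agency.example>
Reply-To: claims@mailbox.example
Authentication-Results: mx.recipient.example; spf=fail; dmarc=fail header.from=agency.example
Subject: Free COVID-19 test registration
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please complete the attached form.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="form.pdf.scr"

AAAA
--b1--
"""

def domain_of(value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def triage(raw, trusted_authserv="mx.recipient.example"):
    """Return the reasons, if any, to treat a raw message as suspicious."""
    msg, findings = message_from_string(raw), []
    from_dom = domain_of(msg["From"])
    # Trust only the Authentication-Results header stamped by our own mail server.
    auth = " ".join(h.lower() for h in msg.get_all("Authentication-Results", [])
                    if h.strip().lower().startswith(trusted_authserv + ";"))
    verdict = re.search(r"\bdmarc=(\w+)", auth)
    if not verdict or verdict.group(1) != "pass":
        findings.append(f"dmarc not passed for {from_dom}")
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from {from_dom}")
    for part in msg.walk():
        name = part.get_filename() or ""
        if "." in name and name.rpartition(".")[2].lower() in RISKY_EXT:
            findings.append(f"risky attachment {name}")
    return findings
```

A From: address on a genuine government domain is not proof of origin, which is why the check relies on the receiving server's DMARC verdict and not on the visible address.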