While vaccines are slowly being distributed around the world, COVID-19 is still on the loose, and in many ways the world is still at a halt. Researchers at Kaspersky have recently discovered attacks against COVID-19-related entities, probably attempting to get their hands on vaccine research. The perpetrators behind this sneaky and specialized attack are none other than the mysterious Lazarus Group, a cybercrime group with strong links to North Korea that is known for some large cyberattacks over the last decade, such as the WannaCry attacks, the Sony breach, and more. While tracking the group's activity across a variety of industries, the Kaspersky researchers spotted two COVID-related attacks: one on a pharmaceutical company, and the other on a government ministry involved in COVID-19 response.

The First Attack: Pharmaceutical Company

The company was breached on September 25, 2020, with the BookCodes RAT in a supply chain attack through a South Korean software company.

The Second Attack: Government Agency

On October 27, 2020, two Windows servers were breached at the government health ministry. Lazarus Group installed the wAgent malware and used it to download other malicious payloads from their C2 servers. This infection scheme is the same one the group has previously used in attacks on cryptocurrency businesses.

 

(Image: Lazarus. Photo credit: Securelist by Kaspersky)

 

The global COVID-19 pandemic has definitely changed the cyber landscape. During the first months, coronavirus-themed phishing was the most common way this deadly virus showed up in cyber attacks. Next came Zoom security problems and online-learning-related breaches, and now we're seeing another genre of COVID attacks: those that aren't leveraging the virus to trick victims, but rather are in pursuit of medical research. Why the attackers want this information remains a mystery. Some may think that it is to speed up the country's vaccine development, while others may say the research is a valuable piece of information to steal (or hold for ransom). What we know for sure is that COVID-19-related cyber attacks will not be going away too quickly while the virus is still out and about.

 
