Intelligence agencies use coronavirus information to target enemies, analysts say

“We’ve seen Russia use it against Ukraine, China use it against Southeast Asia, North Korea against South Korea,” one cybersecurity analyst said.

By Kevin Collier

Intelligence agencies around the world are sending out fake coronavirus information to hack and spy on their targets, cybersecurity researchers say.

It’s an everyday practice for government hackers to pepper targets that their governments want information on, such as trade negotiators in neighboring countries, with phishing emails that try to get victims to click dodgy links or download malicious attachments. But given how much people around the world want more information about the coronavirus pandemic, government hackers know the subject is a particularly tempting lure to get a victim to click.

“We’ve seen Russia use it against Ukraine, China use it against Southeast Asia, North Korea against South Korea,” said Ben Read, the senior manager for cyberespionage analysis at the cybersecurity firm FireEye.

FireEye analyzed emails from Chinese hackers to Vietnamese targets. In one, purporting to be reassurances from Vietnamese Prime Minister Nguyen Xuan Phuc that the government was doing everything in its power to contain the spread of the virus, FireEye found malware that would compromise the computer of any user who downloaded it.

“These lures have really authentic branding, like they pretend to be from the CDC or the WHO or other really credible groups, and then target people based on ‘this seems like a really interesting thing offering me more information in a time that has so much information,’” said Lindsay Kaye, who also researched coronavirus phishing emails for the cybersecurity company Recorded Future.

Other Korean-language emails were sent out from North Korean hackers, purporting to give details on the South Korean government’s response to the virus, Kaye said.

Some emails that CrowdStrike concluded were from Chinese intelligence showed figures of the outbreak from Mongolia's Ministry of Health.

“The story started in Asia, and has kind of migrated, so the threat actors are following the virus,” said Adam Meyers, CrowdStrike’s vice president of intelligence. “They go from China to surrounding areas around China, they start targeting Japan, they start targeting South Korea, they start targeting Europe.”

While none of the researchers could confirm finding emails sent by intelligence agencies that were specifically aimed at American targets, they said that’s likely just a matter of time.

“Now that it’s officially a pandemic rising in cases and severity in the United States, you're going to see more,” Meyers said.