Threat group APT32 targets Chinese state agencies in efforts to steal Covid-19-related information

Spear-phishing attacks started just after the WHO issued its first warning about novel coronavirus

Hackers suspected to have ties with the Vietnamese government are currently trying to break into Chinese state organisations in the hope of stealing valuable information about the Covid-10 outbreak.

That's according to US cyber security company FireEye, which states that the attacks have been on-going since January 2020, with the actors trying to compromise the professional and personal email accounts of people working for the government of Wuhan and the Chinese Ministry of Emergency Management.

The first attempt to hack the Chinese government staff happened on 6th January, just a day after the World Health Organisation (WHO) published its first warning about Covid-19 outbreak.

Members of APT32 sent spear-phishing emails to targets with tracking links which notified hackers when those links were clicked by the email recipient.

The attackers then sent more phishing messages that contained malicious files with the METALJACK virus. When infected attachments are opened by the victim, the virus is loaded into the memory of their device eventually giving the hackers access to sensitive files on the machine.

The lures APT32 sent to its Chinese targets included Covid-19 themes designed to entice them to click on the links.

One such malicious file was labelled "Covid-19 live updates: China is currently tracking all travellers coming from Hubei Province" which displayed a related article published on the New York Times.

It is not yet known if the intrusion attempts by APT32 were successful, but this espionage operation clearly suggests that hackers ranging from state-sponsored groups to cyber gangs are currently trying to exploit the coronavirus outbreak in efforts to steal non-public information from organisations across the world.

Earlier this month, Reuters reported that hackers suspected to have ties with Iranian government were attempting to break into personal email accounts of the World Health Organisation (WHO) employees in efforts to steal confidential information on coronavirus outbreak.

Flavio Aggio, CISO at WHO, said in March that the agency had seen a two-fold increase in attempted cyber attacks against it since the start of coronavirus crisis.

The US Health and Human Services (HHS) Department also revealed last month it was hit by a cyber attack that seemed to be focused on hurting its ability to respond to the coronavirus crisis. In this case, the attackers didn't attempt to steal any data but tried to overload HHS' systems with traffic through a distributed denial of service (DDoS) attack.

"The Covid-19 crisis poses an intense, existential concern to governments, and the current air of distrust is amplifying uncertainties, encouraging intelligence collection on a scale that rivals armed conflict," FireEye researchers state in their report.

"Until this crisis ends, we anticipate related cyber espionage will continue to intensify globally."