CYFIRMA researchers picked up the first lead on June 1, 2020, and analysed the planned campaign, decoding the threats, and gathering evidence

New Delhi: Lazarus, a North Korea-sponsored hacking group, hatched a plot to launch mass-scale ‘phishing’ attacks through fake emails designed as COVID-19 relief efforts. The target of ‘phishing’ attack are the countries like US, UK, Japan, Singapore, and South Korea and India, where the respective governments extended stimulus payments to deal with COVID-19 pandemic. 

“These phishing emails are designed to drive recipients to fake websites where they will be deceived into divulging personal and financial information,” said a security research firm, CYFIRMA, which has exposed the Lazarus Group’s plans.

CYFIRMA said, “There is a common thread across six targeted nations in multiple continents – the governments of these countries have announced significant financial support to individuals and businesses in their effort to stabilize their pandemic-ravaged economies.” 

CYFIRMA researchers picked up the first lead on June 1, 2020, and analysed the planned campaign, decoding the threats, and gathering evidence. The hackers planned to launch attacks in six countries across multiple continents over a two-day period. The six targeted nations recently announced financial support to individuals and businesses to stabilize their COVID-19 pandemic-ravaged economies.

Of these countries, Singapore announced almost SGD 100B; Japan announced stimulus funds of about 234 trillion yen; Korea government allocated a total of $ 200 billion of emergency relief funds; Indian government announced Rs 20 lakh crore package; America set aside trillions of dollars to prop up its economy, and the UK government also came out with COVID-19 recovery strategy.

CYFIRMA found that “The hackers plan to capitalize on these announcements to lure vulnerable individuals and companies into falling for the phishing attacks.” “Given the potential victims are likely to be in need of financial assistance, this campaign carries a significant impact on political and social stability,” it added.

“The Lazarus Group’s upcoming phishing campaign is designed to impersonate government agencies, departments, and trade associations who are tasked to oversee the disbursement of the fiscal aid,” said the research firm.

The research firm also observed that hackers are planning to spoof or create fake email IDs impersonating various authorities. It also cited some of the emails discussed in the phishing campaign plan: covid19notice@usda.gov, ccff-applications@bankofengland.co.uk, covid-support@mom.gov.sg, covid-support@mof.go.jp, ncov2019@gov.in, and fppr@korea.kr.

For launching their campaign in India, hackers claimed to have 2M individual email IDs. "The plan is to send emails free COVID-19 testing for all residence of Delhi, Mumbai, Hyderabad, Chennai, and Ahmedabad inciting them to provide personal information. 

The CYFIRMA research said that the phishing campaigns for India are scheduled to be launched on June 21, targeting individuals.