Its been all over the news, the Corona pandemic. Being a part of Threat Intelligence definitely helped me protect the infrastructure I work for. Whilst it all started with cyber attackers using a Fake Coronavirus campaign deploying Emotet, it slowly and steadily spread across different continents and Threat Actors(TA) to use this opportunity to deploy their malicious tools, intents.
While a little humane on TA would have been appreciated, It never was a problem for TA to lure users to open a fake Coronavirus docs, pdf. Off-late we have seen 17 different TA including APT groups targeting users impersonating WHO, CDC and reputed identities targeting the most unexpected. The campaigns started with Emotet moved on to deploy Nanocore RAT, Parallax RAT, and AZORult. Threat Actors even targeted Coronavirus Maps (https://www.arcgis.com/apps/opsdashboard/index.html#/bda7594740fd40299423467b48e9ecf6) scrapped it and created a look-a-like corona-virus-map [dot] com.
It started with Phishing emails with malicious attachments, deploying Nanocore RAT, Parallax RAT, and AZORult (as of this write-up) with Threat actors to ATPs targeting lame-man with their fake alerts, awareness campaigns. And to top all this intel, there were close to 7000+ new websites registered during this period all related to Coronavirus and most deploying malware. Its definitely time for each and everyone to sway away from these virus both physically and in cyber world.
Comments