Check Point Research: Coronavirus Cyber Infection Trail Traced Back To China

Researchers at Check Point have intercepted a targeted cyber-attack by a Chinese APT group on a public sector entity in Mongolia. Leveraging the Coronavirus pandemic, the Chinese APT group sent two documents, both impersonating the Mongolian Ministry of Foreign Affairs in the form of press briefings, to personnel in Mongolia’s public sector, luring the recipients into giving the hackers remote network access and an open door to steal sensitive information. One of the two documents, which related to COVID-19, carried a title that translates to “About the Spread of new Coronavirus Infections” and went on to cite the National Health Committee of China.

Check Point researchers were able to trace the cyber-attack to the Chinese group by extracting fingerprints the hackers left in malware code stored on their own servers, which were exposed on the internet for a fraction of time. Through the data collected, Check Point researchers were able to uncover the entire infection chain, deducing that the Chinese APT group has been active since 2016 and constantly targets a variety of public sector entities and telcos worldwide: Russia, Ukraine, Belarus and now Mongolia.

Head of Threat Intelligence, Lotem Finkelsteen:

“COVID-19 is presenting not only a physical threat but a cyber threat as well,” says Lotem Finkelsteen, Head of Threat Intelligence at Check Point. “Our intelligence reveals that a Chinese APT group exploited the public interest in Coronavirus for its own agenda through a novel cyber infection chain. The group has been targeting not just Mongolia but other countries world-wide. All public sector entities and telcos everywhere should be extra wary of documents and websites themed around Coronavirus.”


Coronavirus-themed Malware on the Rise

Check Point has determined that Coronavirus-related domains are 50% more likely to be malicious than domains registered overall. To date, Check Point has seen over 4,000 Coronavirus-related domains registered globally, 3% of which are malicious and an additional 5% of which are suspicious. The industry average of newly registered domains that are malicious is 2%.

Karabo Motsoai
