Checkpoint Research: Coronavirus Cyber Infection Trail Traced Back To China

Researchers at Check Point have intercepted a targeted cyber-attack by a Chinese APT group on a public sector entity in Mongolia. Leveraging the Coronavirus pandemic, the Chinese APT group sent two documents, both impersonating the Mongolian Ministry of Foreign Affairs in the form of press briefings, to personnel in Mongolia’s public sector, luring the recipients into giving the hackers remote network access and an open door to steal sensitive information. One of the two documents, which related to COVID-19, carried a title that translates to “About the Spread of new Coronavirus Infections” and went on to cite the National Health Committee of China.

Check Point researchers were able to trace the cyber-attack to the Chinese group by extracting fingerprints the hackers left in malware code stored on their own servers, which were exposed on the internet for a brief period of time. Through the data collected, Check Point researchers were able to uncover the entire infection chain, deducing that the Chinese APT group has been active since 2016 and habitually targets a variety of public sector entities and telcos worldwide: Russia, Ukraine, Belarus and now Mongolia.

Head of Threat Intelligence, Lotem Finkelsteen:

“COVID-19 is presenting not only a physical threat but a cyber threat as well,” says Lotem Finkelsteen, Head of Threat Intelligence at Check Point. “Our intelligence reveals that a Chinese APT group exploited the public interest in Coronavirus for its own agenda through a novel cyber infection chain. The group has been targeting not just Mongolia but other countries world-wide. All public sector entities and telcos everywhere should be extra wary of documents and websites themed around Coronavirus.”

Image Supplied By Checkpoint Blog

Coronavirus-themed Malware on the Rise

Check Point has determined that Coronavirus-related domains are 50% more likely to be malicious than domains registered overall. To date, Check Point has seen over 4,000 Coronavirus-related domains registered globally, 3% of which are malicious and an additional 5% of which are suspicious. The industry average of new domains registered that are malicious is 2%.

Karabo Motsoai
